Data Privacy

Data Privacy and Security


WSIPC strives to provide parents, districts, Information Service Centers (ISCs), Educational Service Districts (ESDs), and others with clear and easy-to-access information on the privacy and security of the data you have entrusted to us. WSIPC takes seriously its obligation to protect the privacy and security of data collected, used, shared, and stored. These pages contain state and federal policies that WSIPC adheres to, data privacy and security procedures, as well as guidance and resources for various stakeholders.

Security assessments and penetration testing are conducted annually to ensure our daily security practices are fully followed. Security testing and auditing are performed on the following: major software components, database integrity, data access, business continuity and disaster recovery, data classification, media handling, asset management, encryption, incident detection and response, logical access control, malicious code and vulnerability management, mobile device security, personnel security, physical security and environmental controls, and risk management. Additionally, new and replacement hardware/software is evaluated by multiple teams before going live.

Data Privacy deals with the ability of parents, districts, ISCs, and ESDs to determine what data can be shared with third parties. WSIPC requires district approval before we share your data. We contractually require the same approval for any vendor we work with.


Data Privacy and Security Group Memberships

WSIPC personnel serve in a variety of leadership positions with Data Privacy and Security groups:
 

Information for Districts

The use of data helps guide parents, teachers, schools, districts, educational service districts, and state leaders as we work together to improve student achievement so all children graduate ready for college and career. While using data effectively to guide improvement and student achievement, WSIPC takes seriously its moral and legal responsibility to protect student privacy and ensure data confidentiality and security.

OSPI: Protecting Student Privacy. An OSPI list of processes used to help safeguard the confidentiality and security of district’s student data. k12.wa.us/DataAdmin/DataSharing

OSPI: Teach & Learn Internet Safety. An OSPI-generated list of high-quality Internet Safety Programs. k12.wa.us/EdTech/teachlearnInternetSafety

OSPI: Electronic Resources Policy. OSPI’s guidance for required district electronic resources (ER) policy. k12.wa.us/EdTech/InternetSafety

OSPI: Records Retention Schedules for School District and Educational Service Districts. sos.wa.gov//archives/RecordsManagement/Records-Retention-Schedules-for-School-Districts-and-Educational-Service-Districts

PTAC: Privacy Technical Assistance Center Guidance Videos. ptac.ed.gov/ptac-guidance-videos

SDPC: Student Data Privacy Consortium link. privacy.a4l.org

Information for Parents

The use of data helps guide parents, teachers, schools, districts, educational service districts, and state leaders as we work together to improve student achievement so all children graduate ready for college and career. While using data effectively to guide improvement and student achievement, WSIPC takes seriously its moral and legal responsibility to protect student privacy and ensure data confidentiality and security.

OSPI: Protecting Student Privacy. An OSPI list of processes used to help safeguard the confidentiality and security of district’s student data. k12.wa.us/DataAdmin/DataSharing

OSPI: Teach & Learn Internet Safety. An OSPI-generated list of high-quality Internet Safety Programs. k12.wa.us/EdTech/teachlearnInternetSafety

PTAC: Privacy Technical Assistance Center Guidance Videos. ptac.ed.gov/ptac-guidance-videos

FERPA: Family Educational Rights and Privacy Act site. www2.ed.gov/policy/gen/guid/fpco/ferpa

Agreements and Contracts

WSIPC inserts the following language into its current district agreements:

WSIPC acknowledges that its performance of Services under this Agreement may involve access to confidential information including personally-identifiable information, student records, protected health information, or individual financial information that is subject to state or federal laws/rules restricting the use and disclosure of such information, (reference Family Educational Rights and Privacy Act (20 U.S.C. § 1232g)). WSIPC agrees to comply with said FERPA regulations and will follow the federal guidelines in handling or disclosing personally identifiable information.

The Student Data Privacy Consortium (SDPC) makes available to all districts the Massachusetts Student Privacy Alliance (MSPA framework), which provides privacy language in contracts with over 50 districts and the vendors they utilize. secure2.cpsd.us/mspa/about_mspa

The Association for Computer Professionals in Education (ACPE) is working with A4L and the SDPC to create a Washington-specific version of this tool to streamline contract preparation and management.

Federal and State Laws

Below are some of the applicable federal and state regulations:

CIPA: Children’s Internet Protection Act fcc.gov/consumers/guides/childrens-internet-protection-act

COPPA: Children’s Online Privacy Protection Act ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule

FERPA: Family Educational Rights and Privacy Act www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

PPRA: Protection of Pupil Rights Amendment www2.ed.gov/policy/gen/guid/fpco/ppra/parents.html

OSPI: Office of the Superintendent of Public Instruction k12.wa.us/RulesRegs.aspx

Resources

Below are resources for data privacy and security in K-12:

OSPI: Office of the Superintendent of Public Instruction k12.wa.us

PTAC: Privacy Technical Assistance Center ptac.ed.gov

SDPC: Student Data Privacy Consortium privacy.a4l.org

Questions and Answers

Is there a federal privacy and security group?
The Privacy Technical Assistance Center run by the US Department of Education provides a number of resources, including guidance on FERPA, guidance on how to use online tools, vendors, and other relevant information.

Are districts required to comply with the guidance from the Privacy Technical Assistance Center (PTAC)?
Districts are encouraged to comply with best practices with regard to breach response and notification, but there is no legal requirement to comply with the PTAC guidance.

Contact Us

If you have any questions regarding data privacy or security, please contact WSIPC’s Chief Information Officer (CIO) Jeff Simons at jsimons@wsipc.org or (425) 349-6509.
