WSIPC strives to provide parents, districts, Information Service Centers (ISCs), Educational Service Districts (ESDs), and others with clear and easy-to-access information on the privacy and security of the data you have entrusted us with. WSIPC takes seriously its obligation to protect the privacy and security of data collected, used, shared, and stored. These pages contain state and federal policies that WSIPC adheres to, data privacy and security procedures, as well as guidance and resources for various stakeholders.

What is Data Privacy?

Data Privacy deals with the ability of parents, districts, ISCs, and ESDs to determine what data can be shared with third parties. WSIPC requires district approval before we share your data. We contractually require the same approval for any vendor we work with.

Security Assessments

Security assessments and penetration testing are conducted annually to ensure our daily security practices are fully followed. Security testing and auditing is performed on the following: major software components, database integrity, data access, business continuity and disaster recovery, data classification, media handling, asset management, encryption, incident detection and response, logical access control, malicious code and vulnerability management, mobile device security, personnel security, physical security and environmental controls, and risk management. Additionally, new and replacement hardware/software is evaluated by multiple teams before going live.

Data Privacy and Security Group Memberships

WSIPC personnel serve in a variety of leadership positions with Data Privacy and Security groups, including CCSSO, DataQualityCampaign, NCES, CoSN, A4L, and the Data Governance Committee.

Information for Districts

The use of data helps guide parents, teachers, schools, districts, educational service districts, and state leaders as we work together to improve student achievement so all children graduate ready for college and career. While using data effectively to guide improvement and student achievement, WSIPC takes seriously its moral and legal responsibility to protect student privacy and ensure data confidentiality and security.

OSPI: Protecting Student Privacy

An OSPI list of processes used to help safeguard the confidentiality and security of district’s student data. k12.wa.us/DataAdmin/DataSharing

OSPI: Electronic Resources Policy

OPSI’s guidance for required district electronic resources (ER) policy. k12.wa.us/EdTech/InternetSafety


SPPO: Student Privacy Guidance

studentprivacy.ed.gov/content/guidance-videos

OSPI: Teach & Learn Internet Safety

An OSPI generated list of high-quality Internet Safety Programs. k12.wa.us/EdTech/teachlearnInternetSafety



OSPI: Records Retention Schedules

Records Retention Schedules for School District and Educational Service Districts.
sos.wa.gov/archives/recordsmanagement/managing-school-district-records.aspx

SDPC: Student Data Privacy Consortium link

privacy.a4l.org

Information for Parents

The use of data helps guide parents, teachers, schools, districts, educational service districts, and state leaders as we work together to improve student achievement so all children graduate ready for college and career. While using data effectively to guide improvement and student achievement, WSIPC takes seriously its moral and legal responsibility to protect student privacy and ensure data confidentiality and security.

OSPI: Protecting Student Privacy

An OSPI list of processes used to help safeguard the confidentiality and security of district’s student data. k12.wa.us/DataAdmin/DataSharing

SPPO: Student Privacy Guidance Videos 

studentprivacy.ed.gov/content/guidance-videos

OSPI: Teach & Learn Internet Safety

An OSPI generated list of high-quality Internet Safety Programs. k12.wa.us/EdTech/teachlearnInternetSafety


FERPA: Family Educational Rights and Privacy Act site

www2.ed.gov/policy/gen/guid/fpco/ferpa

Agreements and Contracts

WSIPC inserts the following language into its current district agreements:


WSIPC acknowledges that its performance of Services under this Agreement may involve access to confidential information including personally-identifiable information, student records, protected health information, or individual financial information that is subject to state or federal laws/rules restricting the use and disclosure of such information, (reference Family Educational Rights and Privacy Act (20 U.S.C. § 1232g)). WSIPC agrees to comply with said FERPA regulations and will follow the federal guidelines in handling or disclosing personally identifiable information.


The Student Data Privacy Consortium (SDPC) makes available to all districts, the Massachusetts Student Privacy Alliance (MSPA framework), which provides privacy language in contracts with over 50 districts and the vendors they utilize. privacy.a4l.org/about

The Association for Computer Professionals in Education (ACPE) is working with A4L and the SDPC to create a Washington specific version of this tool to streamline contract preparation and management.

Federal and State Laws

The following are some of the applicable federal and state regulations:

CIPA: Children’s Internet Protection Act

fcc.gov/consumers/guides/childrens-internet-protection-act


FERPA: Family Educational Rights and Privacy Act

www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

OSPI: Office of the Superintendent of Public Instruction

k12.wa.us/data-reporting/protecting-student-privacy

Additional Resources

OSPI: Office of the Superintendent of Public Instruction

k12.wa.us


SDPC: Student Data Privacy Consortium

privacy.a4l.org

SPPO: U.S. Department of Education’s Student Privacy Policy Office

studentprivacy.ed.gov

FAQ's

Is there a federal privacy and security group?

The U.S. Department of Education’s Student Privacy Policy Office (SPPO) provides a number of resources, including guidance on FERPA, guidance on how to use online tools, vendors, and other relevant information.

Are districts required to comply with the guidance from the U.S. Department of Education’s Student Privacy Policy Office (SPPO)?

Districts are encouraged to comply with best practices in regards to breach response and notification but there is no legal requirement to comply with the SPPO guidance.