WSIPC strives to provide parents, districts, Information Service Centers (ISCs), Educational Service Districts (ESDs), and others with clear and easy-to-access information on the privacy and security of the data you have entrusted us with. WSIPC takes seriously its obligation to protect the privacy and security of data collected, used, shared, and stored. These pages contain state and federal policies that WSIPC adheres to, data privacy and security procedures, as well as guidance and resources for various stakeholders.
What is Data Privacy?
Data Privacy deals with the ability of parents, districts, ISCs, and ESDs to determine what data can be shared with third parties. WSIPC requires district approval before we share your data. We contractually require the same approval for any vendor we work with.
Security Assessments
Security assessments and penetration testing are conducted annually to ensure our daily security practices are fully followed. Security testing and auditing is performed on the following: major software components, database integrity, data access, business continuity and disaster recovery, data classification, media handling, asset management, encryption, incident detection and response, logical access control, malicious code and vulnerability management, mobile device security, personnel security, physical security and environmental controls, and risk management. Additionally, new and replacement hardware/software is evaluated by multiple teams before going live.
Data Privacy and Security Group Memberships
WSIPC personnel serve in a variety of leadership positions with Data Privacy and Security groups, including CCSSO, DataQualityCampaign, NCES, CoSN, A4L, and the Data Governance Committee.
Information for Districts
The use of data helps guide parents, teachers, schools, districts, educational service districts, and state leaders as we work together to improve student achievement so all children graduate ready for college and career. While using data effectively to guide improvement and student achievement, WSIPC takes seriously its moral and legal responsibility to protect student privacy and ensure data confidentiality and security.
OSPI: Protecting Student Privacy
An OSPI list of processes used to help safeguard the confidentiality and security of district’s student data. k12.wa.us/DataAdmin/DataSharing
OSPI: Electronic Resources Policy
OPSI’s guidance for required district electronic resources (ER) policy. k12.wa.us/EdTech/InternetSafety
SPPO: Student Privacy Guidance
OSPI: Teach & Learn Internet Safety
An OSPI generated list of high-quality Internet Safety Programs. k12.wa.us/EdTech/teachlearnInternetSafety
OSPI: Records Retention Schedules
Records Retention Schedules for School District and Educational Service Districts.
sos.wa.gov/archives/recordsmanagement/managing-school-district-records.aspx
SDPC: Student Data Privacy Consortium link
Information for Parents
The use of data helps guide parents, teachers, schools, districts, educational service districts, and state leaders as we work together to improve student achievement so all children graduate ready for college and career. While using data effectively to guide improvement and student achievement, WSIPC takes seriously its moral and legal responsibility to protect student privacy and ensure data confidentiality and security.
OSPI: Protecting Student Privacy
An OSPI list of processes used to help safeguard the confidentiality and security of district’s student data. k12.wa.us/DataAdmin/DataSharing
SPPO: Student Privacy Guidance Videos
OSPI: Teach & Learn Internet Safety
An OSPI generated list of high-quality Internet Safety Programs. k12.wa.us/EdTech/teachlearnInternetSafety
FERPA: Family Educational Rights and Privacy Act site
Agreements and Contracts
WSIPC inserts the following language into its current district agreements:
WSIPC acknowledges that its performance of Services under this Agreement may involve access to confidential information including personally-identifiable information, student records, protected health information, or individual financial information that is subject to state or federal laws/rules restricting the use and disclosure of such information, (reference Family Educational Rights and Privacy Act (20 U.S.C. § 1232g)). WSIPC agrees to comply with said FERPA regulations and will follow the federal guidelines in handling or disclosing personally identifiable information.
The Student Data Privacy Consortium (SDPC) makes available to all districts, the Massachusetts Student Privacy Alliance (MSPA framework), which provides privacy language in contracts with over 50 districts and the vendors they utilize. privacy.a4l.org/about
The Association for Computer Professionals in Education (ACPE), A4L, and the SDPC worked together to create a Washington specific version of this tool to streamline contract preparation and management. To learn more about this tool, contact SDP@acpenw.org.
Federal and State Laws
The following are some of the applicable federal and state regulations:
CIPA: Children’s Internet Protection Act
fcc.gov/consumers/guides/childrens-internet-protection-act
FERPA: Family Educational Rights and Privacy Act
www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
OSPI: Office of the Superintendent of Public Instruction
COPPA: Children’s Online Privacy Protection Act
PPRA: Protection of Pupil Rights Amendment
Additional Resources
OSPI: Office of the Superintendent of Public Instruction
SDPC: Student Data Privacy Consortium
SPPO: U.S. Department of Education’s Student Privacy Policy Office
FAQ's
Is there a federal privacy and security group?
The U.S. Department of Education’s Student Privacy Policy Office (SPPO) provides a number of resources, including guidance on FERPA, guidance on how to use online tools, vendors, and other relevant information.
Are districts required to comply with the guidance from the U.S. Department of Education’s Student Privacy Policy Office (SPPO)?
Districts are encouraged to comply with best practices in regards to breach response and notification but there is no legal requirement to comply with the SPPO guidance.