Last Updated: August 30, 2016
Privacy is critically important to us—both the privacy of our students and the privacy of our website visitors and registered users. Puget Sound ESD has developed a framework for protecting student data by addressing five key components of protecting privacy: security, regulation, policy, practice, and transparency.
We use the following principles to guide our data-sharing system design:
- Use data for continuous improvement. Accountability is important and data is critical for that purpose, but we value the use of data as a tool for continuous improvement as well. This means that data are used to inform decisions that aim to improve student outcomes, and to measure how effective those changes were.
- Ensure student privacy at all times and maintain high security. Our use of any student data includes an assurance that those data are protected. This means that laws like FERPA describe the absolute minimum requirements for ensuring privacy; we will seek to go further whenever we can. At the same time, any systems used to interact with these data must be highly secure and redundantly protected from breach or loss.
- Be transparent so that students and parents are in control of their data. It should be easy for parents or students to find out what data are being collected, stored and shared. They should see how and what data are shared, to the most specific level possible, even when these data are shared with entities that do not require parental consent, like the state or research studies.
- Real-time solutions are best, whenever practical. Our work should be moving us toward real-time systems because continuous improvement and personalized learning demand it. Nightly snapshots are better than quarterly data extracts, but in our ever-connected society, data should move as quickly as the student does. Real-time transport of data also enhances security by allowing for instant revocability of access and a better understanding of where a student’s data is at any moment.
- Only share data if absolutely necessary. Sometimes large swaths of data are shared because of technical or practical limitations. There should be a valid, reviewed, and approved reason for all pieces of data. This principle carries to our partners and vendors as well; just because we legally can share large amounts of data, we should not do so unless for a specific academic purpose. It is our responsibility to understand what will happen to the data once shared and to make decisions that prioritize the best interests of students.
- When we must share data, follow Common Sense principles.
- Students’ personal information shall be used solely for educational purposes;
- Students’ personal information or online activity shall not be used to target advertising to students or families; and
- Schools and education technology providers shall adopt appropriate data security, retention and destruction policies.
Puget Sound Educational Service District (“PSESD”) operates several websites and services (“systems”), including studentsuccesslink.org and the P2 Student Record Exchange (“SRX”), which use, store, transform, transport, visualize, and incorporate student information. These systems may also collect information about you as a user of the system. It is our policy to respect your privacy as a user as well as the privacy of all students whose data is accessed using these systems.
Website Visitors and Users
Like most website operators, PSESD collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. PSESD’s purpose in collecting non-personally identifying information is to better understand how PSESD’s visitors use its websites or systems. From time to time, PSESD may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its websites or systems.
PSESD also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged-in users. PSESD only discloses logged-in user IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below.
Gathering of Personally-Identifying Information
Most users of PSESD’s systems interact with PSESD in ways that require PSESD to gather personally-identifying information. The amount and type of information that PSESD gathers depends on the nature of the interaction. For example, we require users of studentsuccesslink.org to provide their name, a username and an email address, regardless of their level of access to the system. In each case, PSESD collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with PSESD and to ensure that student data privacy is maintained. For example, we may collect information about which schools or school districts a user is working with in order to limit which student data they are able to access.
PSESD does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from using the system.
Information We Store on Behalf of Educational Partners
Your school, school district, state education agency, or community-based organization uses PSESD’s services to assist with the administration of school-related activities; to facilitate the rapid, secure transfer of student information; and to provide a streamlined way to organize, access, and report your information. The data your organization stores on PSESD’s systems may include the following information about students and their guardians:
- Demographic information including name, mailing address, email address, and date of birth;
- Student education records including the student’s grades, class enrollment, and behavioral records;
- System usernames and passwords.
Student data that originates from an education entity like a school, school district, or state education agency, are only used, stored, and disclosed in compliance with the Family Educational Rights & Privacy Act (FERPA) and other applicable laws and regulations.
PSESD may collect statistics about the behavior of visitors to its websites and systems. For instance, PSESD may monitor the usage of studentsuccesslink.org or track the volume of requests to a system to ensure that those systems are adequately resourced to deliver necessary functionality. PSESD may display this information publicly or provide it to others. However, PSESD does not disclose personally-identifying information other than as described below.
Protection of Personally-Identifying Information
PSESD discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on PSESD’s behalf or to provide services available through PSESD’s systems, and (ii) that have agreed not to disclose it to others.
PSESD will never rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, PSESD discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when PSESD believes in good faith that disclosure is reasonably necessary to protect the property or rights of PSESD, third parties or the public at large.
If you are a registered user of a PSESD website and have supplied your email address, PSESD may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with PSESD and our products and services. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. PSESD takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
Community-based Organization Access to Student Data
All authorized community-based organizations (“CBOs”) that are granted access to PSESD systems have or will enter into separate data sharing agreements with the appropriate School District that establish the specific purposes and parameters for their use of student data. Pursuant to those agreements, PSESD will only disclose student data to the authorized CBOs in the specific ways that are approved by the appropriate School District.
Additionally, CBOs may authorize PSESD in writing to disclose personally-identifying information about the students enrolled in that CBO’s program(s) to: (i) School District(s) employees who work, or may work, with the student, and (ii) other Student Success Link partner CBOs who have enrolled the student in its programs. In these cases, PSESD may disclose information that you have entered about that student’s participation in your CBO program, including the identity of the student and the dates of participation in your programs.
Audit Logs and Usage Tracking
Given the nature of PSESD systems and the fact that sensitive student data is involved, all activity by registered users of PSESD systems may be logged for later review or audit. This may include, but is not limited to, which records you access or modify, the date and time of such activity, and the ways in which data was accessed, such as by viewing the information on screen or by downloading a file. PSESD may disclose this usage information to authorized administrator(s) at the school, school district, or state education agency who provided the data, or to the authorized representative(s) of the community-based organization who has approved your access to the PSESD system.
PSESD does not use advertisements on its websites or systems, and your information is never shared with advertisers.
External Data Storage Sites
We may store your data on servers provided by third party hosting vendors with whom we have contracted. Regardless of where your data is stored, PSESD takes all commercially reasonable precautions to protect your information from loss, misuse and unauthorized access, disclosure, alteration and destruction.