Office of the State Superintendent of Education

DC Agency Top Menu

-A +A
Bookmark and Share

Using Secure Data Transfer to Protect Student Privacy

Purpose of This Document

The purpose of this document is to provide background guidance about protecting student privacy while securely transferring data to or receiving information from the Office of the State Superintendent of Education (OSSE). In addition to general background about the importance of data privacy, this document provides specific guidance about protecting student information in ad-hoc or non-recurring data transfers that occur outside of existing OSSE secure platforms.

Why Does Privacy Matter?

OSSE is committed to providing students and families with an excellent education and sustaining, accelerating, and deepening the progress being made in DC education. OSSE has committed to providing high-quality, actionable data as one of four key priorities in its strategic plan.

As DC’s state education agency, OSSE receives and transmits information about students and children from and to local education agencies (LEAs), schools and community-based organizations (CBOs) as permitted by the Family Educational Rights and Privacy Act (FERPA). Staff at all of these entities have an important responsibility to be careful stewards of that information, including ensuring it remains private and protected.

This guidance is part of OSSE’s robust approach to codifying policies and procedures to protect student information and build capacity around data privacy and security for itself and among all public education stakeholders.

What is Personally Identifiable Information (PII)?

Personally identifiable information (PII) is information that, alone or in combination, can be linked to a specific student, including but not limited to:

  • Name of student, parents, or other family members.
  • Address of student, parents, or other family members.
  • Personal identifier, such as a Social Security Number, unique student identifier (such as OSSE’s USI), or biometric record.
  • Indirect identifiers, such as date of birth, place of birth, or mother’s maiden name.

Why Does Secure File Transfer Matter?

All staff who use student information bear responsibility for handling it in a responsible and confidential manner. Secure file transfer is one important strategy to protect student information.

Email is not the preferred means to share PII because it can be compromised on devices, networks, servers, and a recipient’s device, including by forwarding or other wide distribution of messages without the consent of the sender.

Using OSSE’s Secure Upload Site: What Do I Need to Know?

What is the secure upload site?

OSSE maintains a secure upload website as one method for protecting PII about DC students as data files move electronically between OSSE and organizations serving them. This includes data sharing between OSSE and staff at LEAs, CBOs and other organizations.

OSSE’s secure upload site is located at https://upload.dc.gov/ossedata/nclb/

The site contains folders for DCPS, public charter LEAs, the District of Columbia Public Charter School Board (PCSB), and CBOs. Each entity’s folder can contain a number of subfolders for specific projects or tasks for which PII transfer is required. Permissions to these folders and subfolders are granted on a project-specific basis. OSSE ensures any data sharing has a legal basis under the federal Family Educational Rights and Privacy Act (FERPA).

Who at OSSE manages the site?

OSSE’s Division of Data, Assessment and Research (DAR) is responsible for operating and maintaining the site. Tonia Lovelace, program manager, Collections and Verifications, manages the site, including issuing login credentials and permissions to users and establishing, maintaining, and deleting folders, subfolders and content on the site.

How do LEAs and CBOs receive access?

“Heads of schools” in OSSE’s LEA contacts list receive credentials for the site at the beginning of every school year and are treated as administrators for their LEA or CBO. This designation gives them access to their LEA’s or CBO’s main folder and any project-specific subfolders created under it.

Working with Tonia Lovelace, OSSE program staff can request additional credentials for LEA or CBO staff who need access for a specific project or for a specific subfolder if they are serving as the point of contact for that data exchange or transfer.

OSSE will not provide credentials to anyone who does not have an LEA, CBO or school email exchange address. Please contact us if you have a concern about this or special circumstances.

OSSE will not be responsible for any data re-disclosures caused by inappropriate sharing of credentials among LEA or CBO staff.

How can I receive access to submit data to OSSE for my project?

LEA and CBO staff access to the site is granted on a project-specific basis and is requested by OSSE programmatic staff, who identify LEA points of contact for that project and provide them to Tonia Lovelace.

How do I upload or download files?

Instructions for uploading data to OSSE’s secure upload site are:

  1. Point your browser at https://upload.dc.gov/ossedata/nclb/.
  2. Enter your username and password, click “Login.”
  3. Find the folder you are using in the list and click on it.
  4. Find the subfolder you are using in the list and click on it.
  5. Go to the section marked “Upload.”
  6. Where it says “Choose a File,” click on browse and choose the file(s) you wish to upload.
  7. Click the “Upload” button at the bottom of the screen.
  8. Once your file has uploaded, click on the “Logout” button.

Instructions for downloading data from OSSE’s secure upload site are:

  1. Point your browser at https://upload.dc.gov/ossedata/nclb/.
  2. Enter your username and password, click “Login.”
  3. Find the folder you are using in the list and click on it.
  4. Find the subfolder you are using in the list and click on it.
  5. Click on the file.
  6. Click “Open” on the dialog box at the bottom of the screen.
  7. Save your file in your workspace.
  8. Click on the “Logout” button.

How long can the files stay on the site?

The site is for upload, not storage. Data files should be removed as soon as they are downloaded and no longer needed.

Going forward, OSSE staff will remove files from the site within five business days of the end of the period for which they are needed. For example, if a project for which data transfer is needed runs from Jan. 2-16, 2017, the data would be removed from the site by Jan. 23, 2017.

Who do I contact if I have questions?

For questions about LEA and CBO access to the secure upload site, including support to use the site and update LEA or CBO contact information:

Tonia Lovelace, program manager, Collections and Verifications
Email: [email protected]
Phone: (202) 535-2918 (desk), (202) 215-8373 (cell)

If Tonia is not available, contact Traci Bourne at (202) 481-3857 or [email protected].

For questions about this guidance:

Elizabeth Laird, deputy assistant superintendent
Email: [email protected]
Phone: (202) 436-6033

Related Content: OSSE Secure Upload Site: Notice of Summer Cleaning