In November of 2020, the Office of the State Superintendent of Education (OSSE) released its new Student Privacy and Data Suppression Policy. In education, data suppression refers to the various methods used to protect the identities, privacy, and personal information of individuals. While OSSE already utilized data suppression in all public data files, our innovative new policy allows our agency to better balance the privacy expectations set by the federal Family Educational Rights and Privacy Act (FERPA) and the public’s expectations for data transparency. As part of our agency’s continuous effort to improve, we are excited for the opportunity to enhance both the quality of our reporting and our privacy protections and hope this approach can become a model for others, including schools, other state agencies, and education researchers.
Under this new policy, OSSE will be able to report even more data to the public transparently, while still rigorously protecting student privacy. We do this by setting the rules for suppression of affected dataset based on the size of the student population in question. For bigger populations, there is lower risk to individual privacy, so we can suppress less. For smaller populations, we suppress more to ensure individuals are protected. This population-based approach is ultimately more transparent than having absolute suppression rules for all files, without sacrificing student privacy.
In all data releases, OSSE publishes a “Data Notes” tab in the file. This tab provides details about the data, including whether the file is an exception to the policy. See below for additional details and a case study.
|If there are this many students in the group…||…OSSE will apply suppression at these levels…|
|10-20||<=10% and >=90%|
|21-100||<5% and >95%|
|101-1000||<1% and >99%|
|1001+||<0.1% and >99.9%|
The full Student Privacy and Data Suppression Policy is available on OSSE's website. This policy went into effect in November of 2020; all subsequent data releases are in alignment with the policy unless they are explicitly noted as an exception. Existing and future exceptions to the Student Privacy and Data Suppression Policy are listed in the file posted on OSSE's website and will be noted in the Data Notes tab of each individual release. Note that OSSE will not retroactively apply the policy to historical data releases.
|Examples of Impacted Data||Examples of Data Not Impacted|
For questions, please contact Gwen Rubinstein at [email protected] or see the “Policy in Action Case Study” section below.
The Student Privacy and Data Suppression Policy is a consistent sequence of steps for all of OSSE’s public data releases. To illustrate these steps, we will use an imaginary report on the 140-member track team at School “A” in which we report perfect attendance at practice. The people reading our report will want to learn as much about the team as possible, but the student-athletes on the team have their personal information protected by law. Our new policy allows us to meet both of those standards. First, we start with the overall makeup of the team, which is not suppressed. (See diagram 1)
In our report, we show that 123 out of the 140 athletes on the team had perfect attendance, which we would report as 87.8%. Now let’s get to the student groups.
Basic suppression means that instead of sharing student group values that are fewer than 10, we share “n<10.” Since there are only two pole vaulters on the track team, publishing any additional information about their performance could compromise the privacy of both students. For that reason, if we wanted to share the number of team members who never missed a practice all year, we would report “n<10” for that group. OSSE used basic suppression prior to the new policy. (See diagram 2)
Complementary suppression means we will suppress the second smallest cell in the data to ensure that those cells with basic suppression cannot be calculated using basic math. When reporting the number of athletes within each group with perfect attendance at practice, because you know the total number of athletes with perfect attendance is 123, and the number of athletes in each group that is not suppressed, you can easily figure out the number of pole vaulters who had perfect attendance is zero. Therefore, we would report the second smallest cell – in this case distance runners – as “DS” or “data suppressed.” You are still able to discern the range of how many athletes are in each group (0-2 pole vaulters and 9-11 distance runners), but not the exact amount to protect their privacy. We have used complementary suppression previously, but the new policy will apply to all student performance data sets. (See diagram 3)
Top and bottom suppression is applied when data is presented as percentages or rate of performance. Suppression applies at a range depending on the size of the group the data represents. Basically, the more students in the group (n-size), the less we suppress. When none/nearly none or all/nearly all members of a group meet the definition for a certain performance measure, reporting the exact percentage could make it easy for any member of the school or community to identify something private about a specific student. In this example, because all of the jumpers had perfect attendance, reporting 100% would share with every track fan something private about a student’s performance made public by our report. For that reason, we would report that percentage as >95%. This way, we provide the same amount of information to the public (jumpers have very high rates of perfect attendance) but at a different grain size to protect privacy. Top and bottom suppression is new to OSSE. After applying this final step, the diagram below shows what the perfect attendance at practice report would display for the specific track team groups (See diagram 4)
Suppressing rates of zero and one hundred percent. As part of top and bottom suppression, OSSE will no longer release data where cells represent zero or all of a group within a category. In the case of School A’s track team, if we reported that zero athletes on a team of 140 had perfect practice attendance, we would know something personal about every single student on the team. To prevent that, we would report the team’s perfect attendance as <1% rather than 0%. On the other end, if every athlete had perfect attendance, we would report that as >99% rather than 100%.
For the policy to work, OSSE does not apply a value system to suppression. While it would be great if for the track team if every athlete had perfect practice attendance, sharing a 100% reveals personal information about every student on the team just as much as a sharing a 0% would. Suppressing zero and one hundred percent is new to OSSE.
For a real-world example, as demonstrated below on the DC School Report Card, OSSE now reports a 100% AP/IB Participation rate (left) as a range (right).
1. How does this new policy change OSSE’s data releases?
Under this new policy, the Office of the State Superintendent of Education (OSSE) will be able to report even more data to the public transparently, while still rigorously protecting student privacy. We do this by setting the rules for suppression of affected datasets based on the size of the student population in question. For bigger populations, there is lower risk to individual privacy, so we can suppress less. For smaller populations, we suppress more to ensure individuals are protected. This population-based approach is ultimately more transparent than having absolute suppression rules for all files without sacrificing student privacy.
2. Why did OSSE implement the Student Privacy and Data Suppression Policy?
We are improving our protections of student privacy by standardizing our data suppression practices. OSSE already utilized data suppression in all public data files, but the innovative new policy allows our agency to better balance the privacy expectations set by the federal Family Educational Rights and Privacy Act (FERPA) and the public’s expectations for data transparency consistently throughout all public releases.
As part of our agency’s continuous effort to improve, we are excited for the opportunity to enhance both the quality of our reporting and our privacy protections and hope this approach can become a model for others, including schools, other state agencies, and education researchers.
3. Will every school and local education agency (LEA) use this policy?
This is OSSE’s policy. However, schools and LEAs in DC have autonomy to use their own policies depending on how they interpret their responsibilities under FERPA.
One example of how OSSE and a local education agency may differ in how we report data is a 100 percent graduation rate. While we understand the school’s pride and excitement to share that accomplishment publicly, our policy explains that reporting any 100 percent or 0 percent metric reveals personal information about every student in the group.
We encourage local education agencies to consult their legal teams about their own data suppression policies.
4. Will the Student Privacy and Data Suppression Policy make it harder to learn about school performance?
No. OSSE continues to share an immense amount of school performance data. For example, the DC School Report Card data files in 2020 contain over 100,000 cells of DC, LEA, school, and student group level performance data! The Student Privacy and Data Suppression Policy simply takes additional steps to protect the privacy of students. In addition, in some cases, it enables OSSE to provide more data than in the past by allowing OSSE to report data in ranges (such as >95 percent or <5 percent) when previously those values might have been suppressed.
As you may know, OSSE works directly with schools and local education agencies to securely share their unsuppressed student-level data. The policy will not change how OSSE shares data with local education agencies and partners under data-sharing agreements.
5. Will this policy apply to data that OSSE has already published?
No. OSSE will not retroactively apply this policy to data we have already published. However, OSSE will apply the new policy to the DC School Report Card displays of previous years' data to ensure consistency with displays of current data, since that is a file that is updated each year.
6. When did the suppression policy take effect?
This policy went into effect in November of 2020; all subsequent data releases are in alignment with the policy unless they are explicitly noted as an exception.
7. What data releases does this policy apply to?
This policy applies to all data protected by FERPA and the Individuals with Disabilities Education Act (IDEA), as well as other aggregate child- or student-level data OSSE releases publicly or to parties as requested.
8. What are the exceptions to the Student Privacy and Data Suppression Policy?
Current exceptions to the Student Privacy and Data Suppression Policy are listed in a file posted on OSSE's website and will be noted in the Data Notes tab of each individual release. OSSE will update the list with any new exceptions made.
|Examples of Impacted Data||Examples of Data Not Impacted|
9. Why are Youth Risk Behavior Survey (YRBS) data not suppressed based on this policy?
Youth Risk Behavior Survey data are suppressed using the Centers for Disease Control and Prevention’s (CDC) policies that take into account that students share sensitive personal information when they answer the survey and are promised anonymity in responding.
10. How will this policy affect the DC School Report Card?
There will be changes to the way some data are displayed on the report card website, but there will not be fewer metrics or less information displayed. Below, you can see examples of how some graphs and numeric displays changed with the implementation of this policy. Along with this implementation on the DC School Report Card website, the Student Privacy and Data Suppression Policy will also be applied to the aggregate and metric data files posted on the Technical Resources page.
11. Why are teacher and staff data not impacted?
The Student Privacy and Data Suppression Policy is intended to cover data about children and students in compliance with FERPA and IDEA. Teacher and Staff data privacy protections differ and are not incorporated into the scope of this policy.
12. What qualifies as basic enrollment counts?
Basic enrollment counts are exempt from this policy under guidance produced by the US Department of Education. This guidance states when releasing enrollment counts for schools and LEAs, the following fields do not need to have suppression applied because of low risk of re-disclosure of student identities:
13. What happens if unsuppressed data are accidentally shared externally?
14. How do I know if OSSE data is suppressed or unsuppressed?
In all data releases, OSSE publishes a “Data Notes” tab in the file. This tab provides details about the data, including whether the file is an exception to the policy. See the At-A-Glance for additional details and a case study.
If there are not any suppression indicators such as <5, >95, n<10 in the data set, or there is not a “data notes” tab that explains suppression, OSSE employees must suppress the file according to the policy before releasing it externally.