The Office of the State Superintendent of Education (OSSE) is committed to ensuring child and student data are well-protected, managed, used and stored. In order to do this, the agency follows strong data governance and privacy policies and practices.
OSSE’s approach balances its legal and ethical responsibilities for protecting student privacy while meeting expectations for transparency as a public agency. This includes making education data available to stakeholders and partners so they have high-quality information for decision-making to support children, students and educators.
OSSE and Federal Privacy Laws
OSSE and Federal Privacy Laws explains the agency’s views about its responsibilities and requirements under federal privacy laws, including the Family Educational Rights and Privacy Act (FERPA). (This document does not constitute legal or policy advice or guidance to local education agencies, schools or any other entities).
Student Privacy and Data Suppression
The Student Privacy and Data Suppression Policy describes how OSSE protects child and student identities in the aggregate datasets that it publishes about the state overall, local education agencies (LEAs), schools and child development facilities. Exceptions to the policy are also documented. More information and visualizations explaining this policy are available in Student Privacy and Data Suppression Policy at a Glance.
Educational Workforce Privacy and Data Suppression
The Educational Workforce Privacy and Data Suppression Policy describes how OSSE protects teacher and other faculty and staff identities in the aggregate datasets that it publishes about the state overall, LEAs, schools and child development facilities.
The Data Incident Response Plan describes OSSE’s definition of a suspected data incident and its process for reporting, investigating and communicating about suspected incidents involving OSSE data, whether caused by OSSE staff or others (including but not limited to contractors or grantees).
Secure Data Transfer
Using Secure Data Transfer to Protect Student Privacy describes OSSE’s expectations for partners and stakeholders sharing personally identifiable and other sensitive information with OSSE only over secure platforms, such as Box, as supported by the Office of the Chief Technology Officer (OCTO).
The Data Request Policy describes how to request data from OSSE and how OSSE evaluates the data requests it receives. Requests can be made through OSSE’s data request portal. Information specific to requesting student education records or District data from the Youth Risk Behavior Survey (YRBS) is also available.
Data Sharing Agreements
OSSE shares individual-level data only through written data sharing agreements, including as required under FERPA in the absence of parent, guardian or student consent. OSSE’s data sharing agreement templates are available by emailing [email protected].
Non-Disclosure Agreements (NDAs)
OSSE requires all individuals lawfully conducting business for or on behalf of OSSE to maintain the security and privacy of any and all data, documents and information accessed through OSSE. Part of this process includes signing OSSE’s Non-Disclosure Agreement (NDA).
The Data Correction Policy describes how the agency identifies and investigates errors in its published data and how members of the public can report errors in published OSSE data.
If you have any questions about OSSE’s data governance and privacy policies and practices, please email [email protected].
Related Content: OSSE Data Request Form | Student Privacy and Data Suppression Policy At A Glance