Title: A Checklist for Student Data Privacy in School District Data Science Projects

Author: Jason Kronemeyer

Domain: PreK-12 Education, Data Science Ethics

Privacy Principles: Transparency, Limitation of Use, Access and Correction, Data Quality, Security

Purpose:

To help districts meet legal and ethical requirements for protecting students’ personally identifiable information in data science projects.

[ ] Has a diverse team been assembled to oversee the student data governance aspects of the project?
[ ] Does the project’s purpose provide benefit to the student?
[ ] Has a privacy policy been developed for the project?
[ ] Have relevant data sharing and/or access agreements been developed?
[ ] Has training for users been developed on privacy policies and procedures?
[ ] Is there a plan in place to protect and secure student data from unintended disclosure?
[ ] Have methods been considered to minimize exposure of student personally identifiable information (PII)?
[ ] Have we developed a schedule or plan to delete data after it is no longer needed?
[ ] Has a plan for monitoring privacy policies and procedures been developed?
[ ] Is data which is not relevant to the project removed from the datasets?
[ ] Do we have a process for parents to request removal or correction of their child’s PII used in the project?
[ ] Has informed parental consent been gathered?

Design:

The Checklist for Student Data Privacy in School District Data Projects is designed for use in PreK-12 Education. This checklist is based off the Checklist for Developing School District Privacy Programs, a resource created by the Privacy Technical Assistance Center (PTAC) at the U.S. Department of Education (U.S. Department of Education, 2015). Additionally, concepts from the ethics checklist for data scientists open-source project deon (DRIVENDATA LABS) as well as Ethics in Data Science (Loukides, Mason, & Patil) were incorporated into this checklist.

School districts, which serve students primarily under the age of 18, are continually collecting and using student PII in their data science projects to improve student outcomes also have the great responsibility of ensuring the privacy, security and confidentiality of student data. This checklist connects principles to practice (Loukides, Mason, & Patil), with the goal of providing schools with a resource to continually evaluate their data science projects with student data privacy principles as the focus through the entire data science lifecycle.

The checklist has been designed to ensure that team members on data science projects are thinking critically about the fair information practice principles (FIPS). These privacy principles, which include transparency, use limitation, access and correction, and data quality and security are the bedrock principles for ethical data science in education (Stanhaus, 2020). This checklist is designed to help districts: keep students’ personal information safe; comply with privacy laws; and protect both students and districts from harm resulting from unauthorized disclosure of private information (U.S. Department of Education, 2015).

Prior to the collection of any student PII for the project, we need to ensure that the primary benefits to the student are identified. Assembling a diverse team to oversee and implement the project will help ensure that multiple perspectives are gathered which will ensure that we are protecting from harm and maximizing benefit to the students (Sandvig, 2020). A diverse team will also help predict and reduce the introduction of different types of bias into the project (Loukides, Mason, & Patil). This team takes on the critical role of developing the privacy policy which will serve as the privacy blueprint ensuring transparency and accountability throughout the lifecycle of the project. Each project should have its own privacy policy for parents and school personnel to refer to. The privacy policy should be written in easy-to-understand language for parents to provide informed consent to the use of their child’s personal information for the project (Stanhaus, 2020).

The items listed in this student data privacy checklist should be directly incorporated into the privacy policy for the project. The checklist will be our guide to ensure questions that parents might have such as:

  • What is the purpose of our data science project?
  • What benefits will it provide to the students?
  • What student PII is being collected for the project?
  • What are the limitations of use for the student PII?
  • What third parties is student PII shared with and how will they use the data?
  • What are the procedures to be followed for access and correction of the student PII?
  • What mechanisms will be used to ensure data quality and accuracy?
  • What is the process to request removal of student PII?
  • What are the security protocols being employed to prevent unauthorized access or disclosure of student PII? (Stanhaus, 2020) (Sandvig, 2020)

To ensure transparency throughout the project all items should be checked off the list prior to gathering informed parental consent. Following this checklist will help improve communication and transparency with parents about data practices and reassure parents about the security of their child’s personal information. It will also help protect the students and the district from harm (U.S. Department of Education, 2015).

References: