Skip to content
Content
{{CurrentPage.Topics.DisplayName}} {{CurrentPage.Subtopic_x0020_Level_x0020_1}}

{{CurrentPage.Title}}

Follow these steps to become more familiar with student data privacy!

  1. Step1: Get your feet wet with this short 4 minute video on FERPA.

     

  2. Step2: Review the Illinois School Student Records Act 105 ILCS 10 regarding the protection and privacy of student records: Illinois School Student Records Act 10​​5 ILCS 10.

  3. Step3: Overview of Student Data PrivacyPowerPoint Document.

  4. Step4: Take a look at the additional training materials listed below.​​

Student Data Safeguarding

Method 1 - Data Redaction

The process of masking the data displayed (putting an asterisk * in place of the actual number) to protect student privacy. Different applications may utilize different redaction techniques depending on the tool being used, data being displayed and the way that the data is being combined for display. Each redaction technique has been vetted within the agency and through other groups like PTAC to ensure that each application meets the applicable privacy laws to ensure that student privacy is protected. Two specific examples that handle redaction differently include the Report Cards and the ED360 Public Portal.

Report Cards: To protect student privacy, data for groups of fewer than 10 students are replaced by asterisks on the public report cards.

Method 2 - Multi-Tiered Data Request Process

ISBE ensures compliance with all FERPA and Illinois legislative guidelines through our formal Data Sharing Review Board.​

For specific data requests, ISBE requires notification of specific data destruction, method of destruction and other necessary details. ​​

Method 3 - 3-tiered hierarchy to manage security

For more information on the hierarchy view the District Personnel and Data Users tab below.

Organizations for Student Data Privacy and Security

Student Data Privacy for Parents

Step-by-Step Checklist to Understanding Student Data Privacy

  1. Step 1: Ask the right questions at your next PTA meeting.

  2. Step 2: Learn more about your rights under FERPA.

  3. Step 3: Review this helpful infoormation related to educating parents.

  4. Step 4: Improve your knowledge by reviewing our parent-specific resources and other student data privacy information on this page.​​

District Personnel and Data Users

ISBE Security Overview

As district personnel, you are part of a 3-tiered hierarchy to manage security in your district for ISBE applications:

  • Level 1 Security
    • Local IWAS administrator
  • Level 2 Security
    • Application Administrators
  • Level 3 Security
    • Application Users
    • (Teachers, Administrators, other district personnel)

Local IWAS Administration Account setup for your district

The local Administrator is the gatekeeper in the district for managing access to ISBE Web Application Security (IWAS) application Administrators and thus access to all Secure IWAS Applications.

If the Administrator has changed (including Regional/District Superintendent, Nonpublic School Administrator, Special Ed Director, etc.), ISBE will process the change in Entity Profile System and will email or fax the entity an IWAS administrative account letter that contains IWAS setup instructions and an access code for the creation a new IWAS administrative account. The outgoing administrator’s account will be deactivated. IWAS questions should be directed to the ISBE IT and Educator Licensure Call Center at 217-558-3600, Option 2​.

Accessing IWAS applications:

  1. Create a new IWAS account (See page 1 of the IWAS User Guide)
  2. Request Access to System Applications (See page 1 of the IWAS User Guide)
  3. Local IWAS Administrator or Local Administrator or Appointee grants requested access and privileges

For more information, see the IWAS U​ser GuidePDF Document. ​​​

Student Data Privacy Training
  • Data Access and Use Policy: Summarizes the ways in which ISBE protects data, and the methods by which it is distributed for public knowledge and research purposes. 
  • Family Educational Privacy Rights Act (FERPA): This video training session with questions can be taken by anyone (register as new user)​. They are excellent training videos created by the Privacy Technical Assistance Center (PTAC) that will familiarize school district and agency staff with the requirements of FERPA. This is the primary law dealing with the protection and regulation of student records. Any employee involved in releasing or sharing student data should take these trainings, especially since they are ED-approved.
  • Data Privacy?  Get SchooledYouTube Video Link: This self-paced course will discuss the value data brings to improve education, offer recommendations for addressing privacy concerns while promoting effective data use, and explore lessons learned from existing and emerging policies in education and other sectors. Each module offers both video and written core content that will take no longer than an hour to complete. Additional resources are available in each module for those that want to take a deeper dive into specific topic areas. A digital badge and a certificate will be provided for course completion. ​​​

Resources for Student Data Privacy

Featured Resources​

  • Policymaking on Education Data Privacy: Lessons LearnedPDF Document
    Policymakers in almost every state have considered laws to ensure the safety of student data, and the US Congress is considering seven bills on student data privacy. At the same time, the Every Student Succeeds (ESSA) Act requires that states adopt evidence-based interventions to improve school performance. The education research to inform these interventions depends on access to student data. Policymaking on Education Data Privacy: Lessons Learned, outlines key lessons policymakers should contemplate before taking action.

  • How do you Communicate the Data Message?
    Words matter. What you say, how you say it, and when you say it are critical to effectively communicating with your audience. DQC has crafted language and tools to help you better talk to peers, press, and the public about data and meeting education goals.

  • What is Student Data?
    There are many types of data that support student learning—and they’re so much more than test scores. But individual data points don’t give the full picture needed to support the incredibly important education goals of parents, students, educators, and policymakers. See the types of data that can come together—under requirements like privacy and security—to form a full picture of student learning. When used effectively, data empowers everyone.

  • Data Breach Response ChecklistPDF Document
    The U.S. Department of Education established the Privacy Technical Assistance Center (PTAC) as a “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level longitudinal data systems. PTAC provides timely information and updated guidance on privacy, confidentiality, and security practices through a variety of resources, including training materials and opportunities to receive direct assistance with privacy, security, and confidentiality of longitudinal data systems.

  • Protecting Student Privacy While Using Online Educational Services: Model Terms of ServicePDF Document
    This document is a framework for evaluating online “Terms of Service” agreements. This document is designed to assist educators, schools, and districts in understanding how an online service or application may collect, use, and/or transmit user information. The guidance will assist users in deciding whether or not to sign-up for specific services.

  • Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices
    This document will address privacy and security considerations relating to computer software, mobile applications (apps), and web-based tools provided by a third-party to a school or district that students and/or their parents access via the Internet and use as part of a school activity.​

Parent Specific

Training

Legislation & Policy

  • Complying with FERPA and Other Federal Privacy and Security LawsPDF Document
    In addition to understanding and complying with FERPA, states also have the responsibility to understand and comply with state data privacy and security laws, as well as other federal privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) to the extent that data subject to those laws are incorporated in the state educational data system.

  • Protecting Student Privacy

  • FERPA (law)
    Cornell Law layout of US Code related to FERPA.

  • FERPA / IDEA Cross-Walk GuidePDF Document
    Side-by-side comparison of the primary legal provisions and definitions in IDEA Part B, IDEA Part C and FERPA that relate to the requirement to protect the confidentiality of personally identifiable information of students and children served under the IDEA.

  • FERPA Family Educational Privacy Rights - Regulations
    Full text of the Family Educational Rights and Privacy Act (FERPA).  FERPA gives parents certain rights regarding their children's educational records.

  • Protection of Pupil Rights Amendment (PPRA)
    The Protection of Pupil Rights Amendment (PPRA) of 1978 is a law intended to protect the rights of pupils and the parents of pupils in programs funded by the United States Department of Education.

  • Illinois School Student Records Act 5 ILCS 140
    Illinois law regarding the protection and privacy of students records.​

General

  • DQC Home Page
    The Data Quality Campaign supports state policymakers and other key leaders to promote the effective use of data to improve student achievement.

  • DQC Roadmap to Safeguarding Student Data
    Highlights the three focus areas—transparency, governance, and data protection procedures—that will allow states to reach these goals and provides a robust list of other resources from DQC and other organizations related to safeguarding data.

  • Myth Busters: Getting the Facts Straight about Education DataPDF Document
    The education data agenda is experiencing unprecedented backlash, including the propagation of data myths, especially regarding Common Core, FERPA, and vendors. This document dispels the most common myths with concise talking points and related resources.

  • Protecting Privacy in Connected Learning
    The Protecting Privacy in Connected Learning toolkit is an in-depth, step-by-step guide to navigating the Family Education Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA) and related privacy issues.  The toolkit is organized in the form of a decision tree and addresses FERPA and COPPA compliance issues as well as smart suggested practices that reach beyond compliance; it also includes definitions, checklists, examples, and key questions to ask.

  • Student Data PrinciplesPDF Document
    These are 10 Foundational Principles for Using and Safeguarding Student's Personal Information.

  • Transparency Best Practices for Schools and DistrictsPDF Document
    Intended to assist elementary and secondary schools and local educational agencies in achieving greater transparency with respect to their data practices.  Informs schools and districts of the basics of legal compliance.  Encourages educational organizations as to go beyond the minimum notifications required under federal law.

  • Who Uses Student Data?
    Most personal student information stays local. Districts, states, and the federal government all collect data about students for important purposes like informing instruction and providing information to the public. But the type of data collected, and who can access them, is different at each point. This graphic shows how student data—from schools to the US Department of Education—are and are not accessed and used.​​​​​​​​​​​​

* * * This page has been archived. The content on this page may no longer be in effect. * * *

Contact Information