State of Oklahoma Information Security Policy, Procedures, Guidelines (PDF)
The contents of this document include the minimum Information Security Policy, as well as procedures, guidelines and best practices for the protection of the information assets of the State of Oklahoma (State). The Policy, as well as the procedures, guidelines and best practices apply to all state agencies. As such, they apply equally to all State employees, contractors or any entity that deals with State information.
I. The Student Data Accessibility, Transparency and Accountability Act of 2013 (70 O.S. § 3-168)
Although the State Department of Education does not maintain student educational records (student educational records are maintained by public schools and school districts), the State Department of Education collects data from public schools and school districts on individual students for a variety of purposes, including, but not limited to, compliance with federal and state laws and regulations pertaining to accountability for student learning and expenditures of public funds.
The Student Data Accessibility, Transparency and Accountability Act of 2013 establishes limitations on who can access data of individual public school students in the State Department of Education student data system and certain requirements for the State Board of Education to report the types of student data collected from public schools in the student data system. Those requirements are:
A. Defines student data, including how data are reported (i.e., personally identifiable information, aggregate data and de-identified data)
B. Requires the publication of a data dictionary - including justification for collections, call for new collections, and identification of unneeded collections - by the Oklahoma State Department of Education (OSDE)
C. Restricts access to data - including through data requests, data reporting, and data-sharing agreements - to only those individuals for whom access is necessary to perform their assigned duties
D. Limits the transfer of student data across state lines to out-of-state OSDE contractors who require data to perform agency functions and to individual student-initiated events
E. Calls for the development of a security plan and regular security audits of the state data system
F. Binds vendors under contract with the OSDE that require system or data access to comply with privacy and security provisions of state and federal law
G. Establishes full transparency with oversight by the State Board of Education, legislature and governor regarding the collection of student data, the operation of the state system, and the use or release of student-level data
H. Calls for the OSDE's continuing compliance with the state law regarding P20 data and the development of a state longitudinal data system
II. The Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) affords parents and students who are 18 years of age or older ("eligible students") certain rights with respect to the student's education records that are maintained by the local school district. These rights are:
Parents or eligible students should submit a written request to the school principal (or the official designated by the school for purposes of processing FERPA requests) that identifies the records they wish to inspect. The school official will make arrangements for access and notify the parent or eligible student of the time and place where the records may be inspected.
Parents or eligible students who wish to ask the student's school to amend a record should write the school principal (or other official designated by the school), clearly identify the part of the record they want changed, and specify why it should be changed. If the school decides not to amend the record as requested by the parent or eligible student, the school will notify the parent or eligible student of the decision and of their right to a hearing regarding the request for amendment. Additional information regarding the hearing procedures will be provided to the parent or eligible student when notified of the right to a hearing.
One exception, which permits disclosure without consent, is disclosure to school officials with legitimate educational interests. A school official is a person employed by the school as an administrator, supervisor, instructor, or support staff member (including health or medical staff and law enforcement unit personnel) or a person serving on the school board. A school official also may include a volunteer or contractor outside of the school who performs an institutional service or function for which the school would otherwise use its own employees and who is under the direct control of the school with respect to the use and maintenance of PII from education records, such as an attorney, auditor, medical consultant, or therapist; a parent or student volunteering to serve on an official committee, such as a disciplinary or grievance committee; or a parent, student, or other volunteer assisting another school official in performing his or her tasks. A school official has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility.
Upon request, the student's school may disclose education records without consent to officials of another school district in which a student seeks or intends to enroll, or is already enrolled if the disclosure is for purposes of the student’s enrollment or transfer. FERPA requires a school district to make a reasonable attempt to notify the parent or student of the records request unless it states in its annual notification that it intends to forward records on request.
FERPA permits the disclosure of PII from students’ education records, without consent of the parent or eligible student, if the disclosure meets certain conditions found in §99.31 of the FERPA regulations. Except for disclosures to school officials, disclosures related to some judicial orders or lawfully issued subpoenas, disclosures of directory information, and disclosures to the parent or eligible student, §99.32 of the FERPA regulations requires the school to record the disclosure. Parents and eligible students have a right to inspect and review the record of disclosures. A school may disclose PII from the education records of a student without obtaining prior written consent of the parents or the eligible student in the following circumstances:
The name and address of the Office that administers FERPA are:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202