How to Become More Familiar with Student Data Privacy
Just follow these easy steps below!
Step 1. Get started by watching this short 4-minute video on FERPA
Step 2. Review Wisconsin Law
Wisconsin Pupil Records Law (118.125) covers the protection and privacy of student records.
Step 3. Student Data Privacy Main Menu Page
Continue on to the Student Data Privacy for Parents page.
Or return to the Student Data Privacy Main Menu page.
Guidance for Department of Public Instruction Staff and School District Employees
Part 1: Data Privacy Rights & Responsibilities
- Introduction
-
In performing your official duties, you may be given access to data tools that allow you to view individual student records. You are legally and ethically obligated to safeguard the confidentiality of these student records.
Depending on your role, you may be able to access:
- Student-level data
- Summary data
- Economic Indicators and Homeless Data
- Downloadable data
All users of the secure apps accessed through WISEhome, regardless of role, are obligated to protect student privacy. All secure roles enable student data access to some degree, and the data is not redacted like the public portal.
The following agreement is displayed in WISEhome for all users at initial login and every 90 days thereafter:
Educational data system users are required to agree to each of the statements below:
- I will respect and safeguard the privacy of students and the confidentiality of student data.
- I will comply with state and federal privacy laws and all district regulations, policies, and procedures established to maintain the confidentiality of student data.
- I will not disclose or transmit confidential data to persons not specifically authorized to access these data by the District Security Administrator, Application Administrator or District Administrator.
- I will use the confidential data for legitimate educational purposes only as necessary to perform my district or school assigned tasks.
- I understand that my password is as important as my signature. It is my obligation to keep my password confidential. I will not share my password with anyone.
- I will not use other users' login names or passwords.
- I have viewed the student privacy training materials and understand my obligation to protect the confidentiality of the student data that I will be accessing.
- Examples of Confidential Student Data
-
For a more extensive list of examples of personally identifiable data, visit our DPI Personally Identifiable Information Examples (not all-inclusive) page.
- Wisconsin Student Number (WSN)
- attendance
- habitual truancy
- suspension
- expulsion
- dropout
- course-taking
- retention
- primary disability category
- migrant status
- homeless status
- English language proficiency level
- educational environment
- free and reduced lunch eligibility status
- test results (DLM, AP, ACT, Forward, ACCESS, etc.)
- Data Privacy Rights & Responsibilities
-
Your obligations as a responsible data user include the following actions:
- Individual student data can never be publicly published or released.
- Student education data may not be released except under specific circumstances as designated by law.
- Improper release of these data expose you and your district to potential criminal and civil liability, and loss of federal funds.
Printed reports can be shared publicly:
- Only after you’ve reviewed them to ensure that no student could be identified from the report and that the data is redacted to protect the privacy of the student.
- If a reasonable person from your community could identify a student from a report, directly or indirectly, it is your responsibility to store that report in a secure place.
- Share the report only with those with a legitimate educational interest – as determined by your school board.
- What data can be released?
-
Summary (aggregated) data can be released, but only if group size is large enough to protect the privacy of individual members of the group.
Data on the WISEdash Public Portal and in District/School Report cards have been aggregated and redacted to protect privacy. The redaction method used in the District/School Report cards can be used in your district as well.
When the identity of an individual student could be inferred due to small group size in a report, treat that report as confidential.
Part 2: Tips for Protecting Confidential Data
- When Viewing Confidential Data
-
- Make every effort to prevent unauthorized people from viewing your screen while you are accessing confidential information.
- When you are finished with the data tools, log off and close any windows containing data or reports.
- Avoid writing down login and password information in a location viewable by potentially unauthorized people.
- On Electronic Devices
-
- Always store Sensitive PII on a shared secure drive rather than your computer hard drive or shared unsecured drive.
- Lock your computer screen when away from your computer by pressing “CTRL + ALT + DEL” then “Lock this Computer”.
- Do not have your computer remember passwords (Chrome, Firefox, etc.). Only use a secure password manager.
Part 3: Access to Tools and Data
- Access to Public Tools
-
WISEdash is used by districts, schools, parents, researchers, media, and other community members to view data published by DPI. PII data on the portal are summarized and redacted to protect student privacy.
Certified data can be displayed for multiple years and it can be grouped and filtered by a variety of demographics including grade level, gender, race/ethnicity, economic status, disability, English proficiency, and migrant status. Data download files are also available.
- Access to Secure Tools
-
Access to secure DPI tools is available through WISEhome once access has been granted by a security administrator. WISEhome is a secure webpage used by authorized individuals to access DPI’s secure applications and tools in one location.
- How to Request Access to Secure Tools
-
Follow the steps in the "Request Access to a WISE Application" section of the WISEhome Info page to request a user role for the application(s) relevant to your job.
- How to Request Data
-
To request data, follow the steps on our Wisconsin DPI Data Requests page.
Part 4: Pertinent Laws & Policies
- Wisconsin Laws Related to Data and Privacy
-
- Wisconsin Statute 115.297 - Cooperative Research on Education Programs; State Student Data System Wisconsin
- Statute 118.19 Teacher Certification and Licenses
- Wisconsin Pupil Records Law 118.125, 1973 (Wisconsin state law regarding the protection and privacy of students records)
- “ Directory Data means those pupil records which include the pupil's name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, photographs, degrees and awards received and the name of the school most recently previously attended by the pupil.”
DPI Guidance Regarding Directory Information
School districts have the authority to limit what will be treated as directory information. That is, a school district may choose to designate some, but not of the information defined in state and federal law, as directory information. For instance, some Wisconsin school districts do not designate a student’s address or phone number as directory information for privacy reasons
- Federal Laws Related to Data and Privacy
-
- COPPA - Children’s Online Privacy Protection Act
- IDEA - Individuals with Disabilities Act
- NSLP - National School Lunch Program
- PPRA - Protection of Pupil Rights Amendment
- FERPA, 1974 (Federal law providing parents certain rights regarding their children's educational records)
- Student Privacy at the U.S. Department of Education (includes guides to FERPA, FAQs, and links to the full text of the FERPA and PPRA regulations)
- Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (e.g., special letter, inclusion in a PTA bulletin, student handbook, newspaper article, etc.) is left to the discretion of each school district. Parents must be allowed at least 14 days to notify the school district that directory information may not be shared without their consent.
- Important: Violations of FERPA can jeopardize a district’s federal funds.