This website uses cookies to store information on your computer. Some of these cookies are used for visitor analysis, others are essential to making our site function properly and improve the user experience. By using this site, you consent to the placement of these cookies. Click Accept to consent and dismiss this message or Deny to leave this website. Read our Privacy Statement for more.
Print Page | Contact Us | Sign In | Join the A4L Community
Connecting the “Last Mile” of Application to the Local Digital Ecosystem
Share |

Student Data 'Privacy Connect' Project


How easy is it for teachers to implement an application they know will improve their students learning experience?
Is the process so complex that they begin covertly using the application, putting the students and the district at risk?

With each state and the federal government focusing more and more on student privacy and student safety, the legal, technical, and fiscal processes to implement new software can be overwhelming.   

The “Connect” project’s focus is to see how many of these steps can be standardized, automated, or establish effective practices so we all are not starting from scratch each time. The goal is to streamline application selection, vetting, on boarding (sharing properly protected data elements), and final implementation with marketplace norms.

 

“As a previous state education technology director, I know that one of the biggest hurdles for learning institutions is onboarding applications into their own ecosystems. This pain impacts the time between a great application identification to having it used by students along with increased costs and complexity by each one being done in its own unique manner. Why not streamline and standardize?”

               Larry L Fruth II, PhD, previous State of Ohio Ed Technology Director

 

 

    

 

Privacy Connect is being seen by some the Holy Grail for school/district level CIOs. The project’s focus is to see how to simplify the steps between the identification of a desired application to students actually accessing that application. This often-complicated process may include various owners (legal, technical, fiscal, etc.), critical areas of concern (privacy, security, parental notice, etc.) and impact (academic alignment, usage, other options, etc.). How much of this complicated process can be standardized, automated, or utilize effective practices so we all are not starting from scratch each time? The goal is to streamline application selection, vetting, on boarding (sharing properly protected data elements), and final implementation with marketplace norms – all done in a standardized manner. The project is leveraging the collaborative strength of the Student Data Privacy Consortium (SDPC) to develop a freely available open technical standard that would help identify the “right data to the right application” in a standard transport manner identified in the various Alliance developed shared privacy contract frameworks. In essence the Consortium is helping create a “Secure K-20 Education Data Environment for Learning”!

 

 

The Global Education Privacy Standard (GEPS)

Ok, the contract is all signed between marketplace provider and customer, the deliverables are clearly outlined and everything is outlined in the roles and responsibilities of each party. 

Ready to go, right?  No. 

In most cases the next call between the two parties to answer the question “How do you want us to deliver on X, Y and Z?”.  This is especially true when it comes to student data privacy issues which usually outlines the need for vendors to use “industry established best practices/standards”.  The issue is that for the education vertical, no practices or standards exist.

The Global Education Privacy Standard, GEPS, is a PK-20 global set of data privacy obligations (obligations) that can be aligned to contractual clauses as well as technical control benchmarks. GEPS includes open XML code (PODS) to transfer privacy obligations between controllers and processors to bridge the gap in understand of education data protection expectations.  GEPS allows for organizations to choose the SDPC standard suggestions or use other existing standards, (i.e. IEEE, NIST, ISO, etc.) to set their own expectations between vendors and customers on managing student data.

We suggest if you are an end user OR marketplace provider, that you get involved proactively in this work to assure your needs are met.   With the growth of the Alliance, and demands for better data privacy oversight, this work will be the foundation of how all products will validate their controls over student data.

 

 

Available to Marketplace

SDPC Membership Value-Add

Openly developed technical privacy specification

X

X

Access to vendor marketplace information

X

X

Effective practices documentation support for application integration

X

X

Highlight for vendor members in the marketplace

X

Privacy Certification for application providers

X

Additional contact and support information from providers for end users

X

 

 

 

 

Find out more and get YOUR
usage of the Tools >>

 

 

To find out more about the
Student Data Privacy Consortium (SDPC),
please go to: https://privacy.A4L.org

 

 

  • SIF Association (dba Access 4 Learning (A4L) Community)

  • PO Box 1024, New Albany, Ohio 43054-1024

  • Phone: +1.202.621.0547

  • Fax: +1.202.289.7097