Our district's change in student information systems has served as a reminder to me just how damn much  data we as a school district collect on our students. Demographics and attendance and credits and health and discipline and evaluations galore, oh my!

Our intent in the move from the old SIS to the new was to maintain the same data access privileges among all our system users. I believe we are accomplishing this. Were we to change data access permissions at the same time as we changed SIS systems, the new system would be held responsible for the change, not we humans who assign the rights.

At some point in time, however, it will be imperative to reexamine our data privacy rules, especially in light of some new work being done by COSN. In New Data Principles Help to Guard Student Privacy, COSN links to the 10 Foundational Principles for Using and Safeguarding Students’ Personal Information - that help educators "move beyond compliance to toward aspirational pratices" that are designed to build trust between schools and parents. These principles include:

We believe:

1.  Student data should be used to further and support student learning and success. 
2.  Student data are most powerful when used for continuous improvement and personalizing student learning. 
3.  Student data should be used as a tool for informing, engaging, and empowering students, families, teachers, and school system leaders.
4.  Students, families, and educators should have timely access to information collected about the student.*
5. Student data should be used to inform and not replace the professional judgment of educators.
6. Students’ personal information should only be shared, under terms or agreement, with service providers for legitimate educational purposes; otherwise the consent to share must be given by a parent, guardian, or a student, if that student is over 18. School systems should have policies for overseeing this process, which include support and guidance for teachers.
7. Educational institutions, and their contracted service providers with access to student data, including researchers, should have clear, publicly available rules and guidelines for how they collect, use, safeguard, and destroy those data.
8. Educators and their contracted service providers should only have access to the minimum student data required to support student success.
9. Everyone who has access to students’ personal information should be trained and know how to effectively and ethically use, protect, and secure it.
10. Any educational institution with the authority to collect and maintain student personal information should

• • have a system of governance that designates rules, procedures, and the individual or group responsible for decisionmaking regarding data collection, use, access, sharing, and security, and use of online educational programs;
  • have a policy for notification of any misuse or breach of information and available remedies;
  • maintain a security process that follows widely accepted industry best practices;
  • provide a designated place or contact where students and families can go to learn of their rights and have their questions about student data collection, use, and security answered.

I've often been critical about how student data, especially test score data, has been used in schools, viewing it as more politics than good educational practice (See Test data - for kids or politicians?) But perhaps schools are moving to actually help students by using data - especially that created through formative rather than summative assessments - to build individualized learning plans. But as that happens, paying attention to who has access to the data, how the data is used, and how the data is secured, will become an increasingly important role of schools - and especially their tech departments.

Thank you COSN and other organizations for these fine new principles that will inform and guide our practice.

* I would add "along with information that provides context and meaning to the data being shared.