At Peer Power, the collection and analysis of data informs our decision making everyday. One important role of the Peer Power Institute at the University of Memphis is to set up and maintain systems for collecting and analyzing data, and to gain insights from data that can be used to inform program design, identify opportunities for intervention, and evaluate our program outcomes.
We collect data from our programs through pre and post surveys and assessments. The data we collect ourselves is further informed by the data shared with us through the data usage agreement we have with our partner school district, Memphis-Shelby County Schools. We are entrusted with student data from these sources and we take our students’ privacy seriously. All full-time staff members are trained in data literacy and its ethical use, and Success Coaches are trained to protect student privacy.
Most who work in education are familiar with FERPA, the Family Educational Rights and Privacy Act. This law protects personally identifiable information in student records and allows parents to access their student’s academic records, amend them, and have control over what can and cannot be released. Although the law only protects personally identifiable information in student records, the U.S. Department of Education considers it a best practice to protect all student information inside or outside of their records and to use it only for the purpose of work that will directly benefit the student.
In addition to FERPA, there is another protection for students, the Protection of Pupil Rights Amendment (PPRA). It concerns the collection of private data that the schools may not already have like political affiliations, mental health history, religious beliefs, and income. This type of data, whether it pertains to the students or the student’s parents, cannot be gathered in surveys, nor can it be used in any form of marketing, without prior parental consent. These laws were created to protect students and their families from discrimination and invasion of privacy from third parties.
Upholding the best practices of student data privacy can be tricky without the proper training. For example, it might be tempting to discuss students with others, especially if celebrating a student win. Something as simple as mentioning that a student improved his grade from a C to an A, or that a student’s birthday was yesterday is a violation of data privacy best practices if told to someone who is not directly working with the student.
When we add technology to the picture, the protection of student data gets even trickier. Technology alone can be difficult to navigate and it introduces many more dangers to student data privacy than can occur offline. When an organization handles data, human error, such as sharing data with the wrong email address, or the interference of a bad actor through phishing or other strategies, can cause a data breach.
Peer Power recommends the following tips for keeping student data secure:
- Train all staff on data security and student privacy best practices.
- Do not share student data with anyone in conversation, by email, or through other means unless it is absolutely necessary. The fewer people who have access to data, the less likely it is that someone will let the information fall into the wrong hands.
- Do not email data unless it is password coded. If the data was to fall into the wrong hands, it would be more difficult to gain access.
- Share the password to the spreadsheet or document with the recipient through a different means of communication than you sent the data.
- Take student names off of data unless it is absolutely necessary. This way it is a lot harder to misuse the data, since one of the key pieces of personally identifiable information is missing.
Being entrusted with our students’ data is a serious responsibility. By following best practices and carefully collecting, analyzing and sharing data, Peer Power is able to use it to design, individualize, and continuously improve our programs. We do better with data!