DEPARTMENT OF EDUCATION
Office of the Secretary
FINAL
REGULATORY IMPLEMENTING ORDER
294 Data Governance
I. Summary of the Evidence and Information Submitted
The Secretary of Education seeks the consent of the State Board of Education to adopt a new regulation 14 DE Admin. Code 294 Data Governance. This regulation was developed in consultation with a working group designated by the members of the P-20 which includes representatives of the Interagency Resource Management Committee. The regulation is adopted pursuant to legislation passed in the 146th General Assembly and specifically 14 Del.C., §122(b)(24). This regulation provides for the criteria and process for interagency data governance and the conduction of evaluations, audits and studies. The Delaware P-20 Council Data Governance Handbook, approved by the P-20 Council in January 2012 is a companion document to this regulation.
Notice of the proposed regulation was published in the News Journal and the Delaware State News on May 4, 2012, in the form hereto attached as Exhibit “A”. Comments were received from Governor’s Advisory Council for Exceptional Citizens and the State Council for Persons with Disabilities generally supporting the regulation while asking the Department to consider some observations. The first is related to the definition of “educational record” and whether the regulation would omit private elementary, secondary, post-secondary, and trade schools which do not receive federal funds but may be subject to DOE regulation. The Department believes the definition of “educational record” applies to any education agency or institution. The personally identifiable student information that makes up the educational record is defined and guided by FERPA, the IDEA and similar federal and State privacy and confidentiality laws. Commas have been added to the definition to clarify it. The second observation is related to conducting research. As written, the Department believes the concern expressed by Councils is addressed. The regulation provides the mechanism for disclosure of personally identifiable information without consent where it is permitted.
II. Findings of Facts
The Secretary finds that it is appropriate to adopt a new regulation 14 DE Admin. Code 294 Data Governance pursuant to legislation passed in the 146th General Assembly and specifically 14 Del.C., §122(b)(24). This regulation was developed in consultation with a working group designated by the members of the P-20 which includes representatives of the Interagency Resource Management Committee. This regulation provides for the criteria and process for interagency data governance and the conduction of evaluations, audits and studies. The Delaware P-20 Council Data Governance Handbook, approved by the P-20 Council in January 2012 is a companion document to this regulation.
III. Decision to Adopt the Regulation
For the foregoing reasons, the Secretary concludes that it is appropriate to adopt a new regulation 14 DE Admin. Code 294 Data Governance. Therefore, pursuant to 14 Del.C. §122, 14 DE Admin. Code 294 Data Governance attached hereto as Exhibit “B” is hereby adopted. Pursuant to the provision of 14 Del.C. §122(e), 14 DE Admin. Code 294 Data Governance hereby adopted shall be in effect for a period of five years from the effective date of this order as set forth in Section V. below.
IV. Text and Citation
The text of 14 DE Admin. Code 294 Data Governance adopted hereby shall be in the form attached hereto as Exhibit “B”, and said regulation shall be cited as 14 DE Admin. Code 294 Data Governance in the Administrative Code of Regulations for the Department of Education.
V. Effective Date of Order
The actions hereinabove referred to were taken by the Secretary pursuant to 14 Del.C. §122 on June 21, 2012. The effective date of this Order shall be ten (10) days from the date this Order is published in the Delaware Register of Regulations.
IT IS SO ORDERED the 21st day of June 2012.
Department of Education
Mark T. Murphy, Secretary of Education
Approved this 21st day of June 2012
State Board of Education
Teri Quinn Gray, Ph.D., President |
Gregory Coverdale |
Jorge L. Melendez, Vice President |
Terry M. Whittaker, Ed.D. |
G. Patrick Heffernan |
Randall L. Hughes |
Barbara B. Rutt |
294 Data Governance
The purpose of this regulation is to outline the criteria and process for interagency data governance and the conduction of evaluation, audits and studies pursuant to 14 Del.C. §§121, 122 and 4111.
The words and terms, when used in this regulation, shall have the following meaning unless the context clearly indicates otherwise:
"Department" means the Delaware Department of Education.
"Educational Record" shall mean personally identifiable student information, maintained by an education agency or institution, as defined by the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232(g) and its implementing regulations at 34 CFR part 99, and the Individuals with Disabilities Education Act, 20 U.S.C. 1400 et seq. and its implementing regulations, and other applicable federal and state privacy and confidentiality laws.
"Longitudinal Data System" means a structure and mechanism for the storage, description, management and reporting of discrete data elements and bodies of information over time.
"Personally Identifiable Information" refers to information which, alone or in combination with other information, can be used to distinguish or trace an individual's identity and shall include, but not be limited to, the names and addresses of students, parents or other family members, and personal identifiers such as social security or student numbers.
"P-20 Council" means the council established by 14 Del.C., §107 to coordinate educational efforts of publicly-funded programs from early care through higher education and to foster partnerships among groups concerned with public education.
"Research Agenda" means a roster of research questions that require shared data elements and subject to periodic review and revision. Research questions may reflect federal and state reporting requirements or may be discretionary.
The Longitudinal Data System developed and administered by the Department is governed by the Delaware P-20 Council Data Governance Handbook, initially approved by the P-20 Council on January 10, 2012, and as may be amended from time to time.
4.1 The Department shall collect and maintain data, including Personally Identifiable Information, in compliance with its rights and obligations under federal and state laws.
4.2 The Department shall provide data, including Personally Identifiable Information, to implement applicable Research Agendas established by the P-20 Council.
4.3 When a Research Agenda is established by the P-20 Council which requires the use of Personally Identifiable Information from data collected and maintained or to be collected and maintained by the Department, a written agreement in the form prescribed by the Department shall be entered into.
4.3.1 If the Research Agenda is to conduct a study for or on behalf of school, school district or postsecondary institutions it must be for the purpose of: improving instruction; developing, validating, or administering predictive tests; or administering student aid programs. In the case of such a study, the written agreement shall, at a minimum, do the following:
4.3.1.1 Specify the purpose, scope and duration of the study and the information to be disclosed; and
4.3.1.2 Require the organization to: use Personally Identifiable Information only to meet the purpose(s) of the study; limit access to Personally Identifiable Information to those with legitimate interests; and destroy any Personally Identifiable Information upon completion of the study and specify the time period in which the information must be destroyed.
4.3.2 If the Research Agenda is to conduct an audit or evaluation of a Federal or State supported education program or to enforce or comply with Federal legal requirements that relate to those education programs, as defined by the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232(g) and its implementing regulations at 34 CFR part 99, the written agreement shall, at a minimum, do the following:
4.3.2.1 Designate an authorized representative; and
4.3.2.2 Specify what Personally Identifiable Information will be disclosed and for what purpose, which purpose shall be one allowable under the provisions of the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232(g) and its implementing regulations at 34 CFR part 99; and
4.3.2.3 Describe the activity to make clear it falls within an allowable purpose; and
4.3.2.4 Require the authorized representative to destroy Personally Identifiable Information upon completion of the evaluation and specify the time period in which the information must be destroyed; and
4.3.2.5 Include policies and procedures to protect Personally Identifiable Information from further disclosure and unauthorized use.
4.4 Any written agreement entered into under this regulation shall prohibit modification or amendment except by written agreement duly executed by the parties to that agreement.