How easy is it for teachers to implement an application they know will improve their students learning experience? Is the process so complex that they begin covertly using the application, putting the students and the district at risk? With each state and the federal government focusing more and more on student privacy and student safety, the legal, technical, and fiscal processes to implement new software can be overwhelming.
The “Connect” project’s focus is to see how many of these steps can be standardized, automated, or establish effective practices so we all are not starting from scratch each time. The goal is to streamline application selection, vetting, on boarding (sharing properly protected data elements), and final implementation with marketplace norms.
“As a previous state education technology director, I know that one of the biggest hurdles for learning institutions is onboarding applications into their own ecosystems. This pain impacts the time between a great application identification to having it used by students along with increased costs and complexity by each one being done in its own unique manner. Why not streamline and standardize?”
Larry L Fruth II, PhD, previous State of Ohio Ed Technology Director
Privacy Connect is being seen by some the Holy Grail for school/district level CIOs. The project’s focus is to see how to simplify the steps between the identification of a desired application to students actually accessing that application. This often-complicated process may include various owners (legal, technical, fiscal, etc.), critical areas of concern (privacy, security, parental notice, etc.) and impact (academic alignment, usage, other options, etc.). How much of this complicated process can be standardized, automated, or utilize effective practices so we all are not starting from scratch each time? The goal is to streamline application selection, vetting, on boarding (sharing properly protected data elements), and final implementation with marketplace norms – all done in a standardized manner. The project is leveraging the collaborative strength of the SDPC to develop a freely available open technical standard that would help identify the “right data to the right application” in a standard transport manner identified in the various Alliance developed shared privacy contract frameworks. In essence the Consortium is helping create a “Secure K-20 Education Data Environment for Learning”!
OK, the contract is all signed between marketplace provider and customer, the deliverables are clearly outlined and everything is outlined in the roles and responsibilities of each party.
Ready to go, right? No.
In most cases the next call between the two parties to answer the question “How do you want us to deliver on X, Y and Z?”. This is especially true when it comes to student data privacy issues which usually outlines the need for vendors to use “industry established best practices/standards”. The issue is that for the education vertical, no practices or standards exist.
The Global Education Privacy Standard, GEPS, is a PK-20 global set of data privacy obligations (obligations) that can be aligned to contractual clauses as well as technical control benchmarks. GEPS includes open XML code (PODS) to transfer privacy obligations between controllers and processors to bridge the gap in understand of education data protection expectations. GEPS allows for organizations to choose the SDPC standard suggestions or use other existing standards, (i.e. IEEE, NIST, ISO, etc.) to set their own expectations between vendors and customers on managing student data.
We suggest if you are an end user OR marketplace provider, that you get involved proactively in this work to assure your needs are met. With the growth of the Alliance, and demands for better data privacy oversight, this work will be the foundation of how all products will validate their controls over student data.
Available to Marketplace
SDPC Membership Value
|Openly developed technical privacy specification|
|Access to vendor marketplace information|
|Effective practices documentation support for application integration|
|Highlight for vendor members in the marketplace|
|Privacy Certification for application providers|
|Additional contact and support information from providers for end users|