Privacy Considerations

The privacy of Washington students is our top priority.

Federal and State Laws Protect Student Privacy

Federal law (specifically, the The Federal Educational Rights and Privacy Act of 1974, also known as “FERPA”) safeguards the confidentiality of individual student information. This law requires that educational institutions and state agencies maintain the confidentiality and privacy of personally identifiable information in student records. The U.S. Department of Education has created extensive regulations regarding implementation of FERPA under Title 34, Part 99 of the Code of Federal Regulations. In some instances, data may also be protected by the Parts B and C of the federal Individuals with Disabilities Education Act, also known as "IDEA". Federal regulations regarding implementation of IDEA can be found in Title 34, Part 300 and Title 34, Part 303 of the Code of Federal Regulations. IDEA incorporates all the provisions of FERPA and adds eight additional requirements to safeguard privacy.

Workforce-related data are also protected and secured by federal law, such as Section 303 of the Social Security Act, for which the U.S. Department of Labor has promulgated Title 20, Part 603 of the Code of Federal Regulations. Furthermore, the federal Workforce Innovation and Opportunity Act of 2014 prohibits the disclosure information collected under the auspices of the workforce development system that would “constitute a clearly unwarranted invasion of personal privacy.” In other words, ERDC cannot release or share information about individuals that would constitute an unwarranted invasion of privacy, even to advance its workforce development system. In compliance with all of these laws and regulations, ERDC only publishes aggregate information, and never information that can be used to identify individuals.

Privacy Resources

A Stoplight for Student Data Use

The Data Quality Campaign (DQC) has released this brochure that explains in a simple way the privacy laws that protect student data. 

Privacy Technical Assistance Center

The U.S. Department of Education has created this website to help educators and parents understand the requirements of federal privacy laws.

ERDC's Tiered System

The information published on this site contains no unit record level information (information about individual students). It only presents aggregate information (averages and group statistics). In addition, when we collaborate with other state institutions and outside researchers, we ensure that data has been stripped of any personally identifiable information. In additio, we follow strict procedures to protect confidentiality per FERPA regulations and other state and federal requirements.

There are three kinds of data that is stored and used by ERDC: (1) Highly Restricted-Use Data (Level 1), Restricted-Use Data (Level 2), and Public-Use Data (Level 3)

Highly Restricted-Use Data (Level 1)

This is data that includes information about the identity of individuals and employers. This data is strictly confidential, and requires specific procedures to protect confidentiality per FERPA regulations and other state and federal requirements. ERDC uses this information only for record matching purposes. This type of data is very rarely shared (and only under strict protocols), and is kept secure at all times.

Restricted-Use Data (Level 2)

This is data that contains unit records (e.g., individual scores, enrollment and graduation information, etc.), but contains no individually identifiable information. Merely deleting identity fields from a Level 1 file does not necessarily create a Level 2 file, since it may be possible to identify a student by making inferences (e.g., a person of known race, gender, age, college enrollment, and high school experience might be identifiable). This means that the number of fields must be reduced so that identities of individuals cannot be reasonably inferred from the information available.

Level 2 files are what ERDC shares with partnering institutions and researchers for research purposes, and even then, strict precautions are undertaken to ensure privacy and security. Partnering researchers and institutions must have the technical proficiency to keep data in a secure environment and understand laws and regulations related to data privacy, and must agree to strict protocols regarding the use of the data. In this way, even when data cannot be used to identify individuals persons, the data is still heavily protected and its use restricted.

Public-Use Data (Level 3)

This is data that has been aggregated from Level 2 data, and which contain no unit record data. These forms of data are for public use, and can be published. This includes, for example, the graduation rates of high schools and districts, college admissions rates, average GPA of Washington students, etc., and any of the forms of data that are presented in the research reports, dashboards, and other presentations on the ERDC website.

Even here, though, precautions are taken to protect individual identities. When discussing the graduation rates of students of various demographics at a particular high school or district, for example, we might be able to say more about some groups of students than others. For example, we might be able to freely compare the graduation rates of White students with Hispanic or African American students, but if there were only 6 or 7 Native American students in the cohort, we cannot say as much about them as a group. Revealing even aggregate information (such as averages) of a group that small could still allow people to infer information about individual students. In such cases, we redact those values and statistics.


Back to Top