Balancing the Scale of Student Data Deletion and Retention in Education
Written by Hannah Quay-de la Vallee
A few months ago, we talked about why deleting data is harder than you might think (with a little help from the King of Rock and Roll). As promised, we’ve created some guidance about how to manage this complex task, in the form of an issue brief about data deletion in education. To ensure this brief is more than just a treatise on how thorny the deletion issue is (don’t worry, we discuss that too), we convened a workshop to gather expertise from across the education and technology space. From software engineers to chief information officers, to state departments of education to privacy advocates, a range of perspectives helped us develop actionable guidance for education practitioners.
In the brief, we delve into the legal, policy, and technical issues that surround data deletion in the education space and make it feel so intractable. We discuss federal laws and examples of state laws that affect data management in education, discuss how to engage stakeholders in the process of developing data inventories and retention policies, and review various technical methods of data deletion and the benefits and drawbacks of each approach. Finally, because we know it can be difficult to take this sort of brief and turn it into real-world action, we provide a number of resources that practitioners can build off of in their own schools and districts, such as:
- A cheat sheet of data deletion methods and the contexts in which they are most useful (and contexts when they may not provide enough security!)
- An example of a retention policy from the Colorado Department of Education
- A data inventory from the Wisconsin Department of Education
- A data destruction certificate from the Office of the State Superintendent of Education
- A sample kick-off letter to build organization-wide engagement in the data management process
We hope these tools can serve as starting points for practitioners to build robust data management in their own organizations, so that they can get the most out of their data while protecting their students.