An important part of each state’s Part C and Part B 619 accountability system is the regular reporting of data related to the implementation of IDEA. Part C and Part B 619 state staff or representatives analyze and publicly report data for a variety of reasons. Public reporting is the publishing of information that has no restricted access (i.e., information or data that contains personally identifying information cannot be released in public reports). Public reports are generated to a) meet federal reporting requirements; b) meet state reporting requirements, c) address local and state program accountability and improvement needs; and d) provide information to the general public. State and local reports are made available through public means, including posting on lead agency Websites, distribution to the media, and distribution to local programs. Part C and Part B 619 public reporting policies should be consistent with applicable data system(s) purpose and vision statements.
Reports should be tailored to specific stakeholder groups (e.g. local programs, policy-makers, parents, service providers) and include their input in decisions about what reports should be developed. For example, the legislature might request annual reports on the monthly referrals as compared to enrollment into the program. The state advisory council might request regular reporting on frequency of specific services based on local programs and age of children enrolled. The state agency overseeing the program may want to provide annual media releases about child outcomes. Data reports should be prepared to promote understanding of the data and inform state and local decision-making.
Under IDEA Section 618, Part C and Part B must annually report data to the U.S. Secretary of Education and the public at the times specified by the Secretary (34 CFR 303.720 and 34 CFR 300.640. (34 CFR 303.722 and 34 CFR 300.642). Additionally, states are required to report the state’s performance on its annual performance plan for Part B and for Part C [34 CFR 303.702(b)(2) and 34 CFR 300.602(b)(2)]. States must also publicly report on the annual performance of local education agencies (LEAs) and early intervention service (EIS) programs on state set targets for specific priority indicators. These reports on LEA’s and EIS programs must be published no later than 120 days after the state submits its statewide Annual Performance Report (APR) [(34 CFR 303.702(b)(1) and 34 CFR 300.602(b)(1)].
While IDEA requires states to publicly report state and local performance data, IDEA does not require local agencies to publicly report data. Regardless, many local agencies or programs do report IDEA data regularly. State data governance policies on IDEA public reporting would apply to reports that are developed and disseminated at the local level.
Both IDEA and ESSA1 are clear that data publicly reported by each state must not result in disclosure of data identifiable to an individual child. States must not report to the public any data or information on performance that would result in the disclosure of personally identifiable information about individual children. (34 CFR 303.702(b)(3), 34 CFR 722(a), 34 CFR 300.602(b)(3)), and 34 CFR 300.642(a). Therefore data containing personally identifiable information (PII) in public reports must be reported and displayed in ways that ensure no PII is identifiable directly or through the combination of attributes (e.g., program, agency, disability category, race/ethnicity).
De-Identification of Data: The process of removing or obscuring any personally identifiable information from children’s education and early intervention records in a way that minimizes the risk of unintended disclosure of the identity of individuals and information about them.
Records that have a re-identification code and have enough personally identifiable information (PII) removed or obscured so that the remaining information does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual. The re-identification code may allow the recipient to match information received from the same source.
Source: DaSy/Privacy Technical Assistance Center (PTAC)
The U.S. Department of Education does not mandate a particular method of data protection techniques. Nor does it establish a threshold for what constitutes sufficient disclosure avoidance (so that no personally identifiable information is reported). These decisions are left up to the individual agencies and programs at the state and local level to determine what works best within their specific contexts.
Establishing and adhering to clear public reporting policies and procedures will ensure the protection and the privacy of information about all children and families served under IDEA. Policies should also address protection of the privacy of information about staff working in Part C and Part B 619 programs. The IDEA regulations listed above specify that data must be publicly reported by each State in a manner that does not result in disclosure of data identifiable to individual children. A public reporting policy should describe processes used to ensure that data meet privacy and reporting requirements prior to becoming publicly available. The policy should describe methods for aggregating and de-identification of data to maintain child and family privacy as well as a process for the review of public reports to ensure compliance with these policy requirements.
Policies should describe data de-identification methods in detail, referring or linking to relevant federal and state requirements, particularly those related to the Individuals with Disabilities Education Act (IDEA) and the Family Educational Rights and Privacy Act (FERPA)2. These federal statutes and their implementing regulations generally require parental consent be obtained prior to the disclosure of any PII. However, if data are properly de-identified, then that information may be shared publicly. To ensure successful data protection, it is essential that data de-identification methods are appropriate for the intended purpose and that their application follows best practices and established data governance policy3.
Part C and Part B 619 programs operate within the state agency in which they are housed. Thus, the structure and content of any data governance already within an agency is of particular importance. Before developing any public reporting policy, Part C and Part B 619 programs should review policies regarding public reporting developed by the agency in which their program resides. Existing policies might need to be updated with specific references or provisions related to Part C or Part B 619, in which case the considerations and the template below may be helpful in proposing language for this purpose. Part C and B 619 may find their State Education Agency’s (SEA’s) ESSA plan for its statewide accountability system is helpful for identifying the techniques for de-identification of data, establishing minimum sample size, and addressing extremes in cell size for public reporting.
Where no policy on public reporting exists or a separate policy related to Part C or Part B 619 is needed, the template following the Considerations section is fully editable and prepopulated with language to expedite writing new public reporting policies.
Use the questions below to discuss, consider, and develop a comprehensive public reporting policy. Where appropriate, procedures and operational manuals that detail specific actions supporting implementation of this policy should be created.
1. Public Reporting: General Provisions
- Which federal laws/regulations (e.g., IDEA/FERPA) related to public reporting apply to your Part C or Part B 619 program?
- Are there additional state agency policies related to public reporting of data that apply to your Part C or Part B 619 program? If yes, what are they?
- What specific Part C or Part B 619 public reporting policies or procedures, if any, exist and apply?
- What participating agencies, if any, will be required to follow this policy and under what mechanisms (e.g., contracts, subgrants, or interagency agreements)?
- What program or state longitudinal public reporting efforts are considered under this policy (e.g., SLDS and/or ECIDS)?
- Which role, within what agency/program should be contacted with questions about this policy?
- Which role, within what agency/program is responsible for ensuring adherence to this policy?
- Which role, within what agency/program is responsible for monitoring adherence to this policy, and how will the monitoring be conducted?
- Which role, within what agency/program is responsible for managing the implementation of this policy including provision of training and technical assistance?
- What consequences, if any, will apply when this policy is not followed?
- Which role, within what agency/program is responsible for procedures to be used to resolve any disputes or disagreements about what data are to be released and how or when?
- How often will this policy be reviewed for necessary revisions?
- How will the public be informed about this policy? How is this policy included in your agency’s privacy statement? Where will it be posted on the state’s website?
2. Public Reporting: Planning and Management of Data Reports
- What types of data (e.g., child count, race/ethnicity, gender, programmatic, fiscal, monitoring results) will be reported publically and therefore covered under this policy?
- What subtypes or crosstabs of data (e.g., numbers of children by primary disability and by race/ethnicity) will be reported publically and therefore covered under this policy?
- What process is used to plan for periodic public reporting of data tailored to specific stakeholder groups? How can stakeholders use the data being reported?
- What process is used to evaluate current public reports and revise plans as necessary?
- What procedures are in place to ensure that data, as queried and reported, are accurate and include, when appropriate, checks with the authoritative or original source of the data? (See Data Quality section of this toolkit for additional information.)
- What supporting documentation and processes (e.g., videos, webinars, data dictionaries, key finding summaries) will be used to assist consumers with understanding the publically reported data?
- How long will public reports be made available (for example, how many years’ worth of data will remain accessible on a website)?
- If/when changes happen from one year to the next that might affect the data, how will the public be informed of those changes and potential impact? (E.g., use of different data collection instruments, changes to summary statistics based on sampling vs population measurements.)
- If errors in publically reported data are found, what processes) address how the reported errors are to be corrected?
- What are the steps in the public reporting process and associated timeline or schedule?(E.g., full release only after local agency data reviews and finalization, tentative release of restricted data not to be shared further than appropriate, full release of data.)
- Where will data be publically available?
3. Public Reporting: Data De-Identification/Disclosure Avoidance
- What procedures are used to guide decisions about reporting de-identified data in aggregate reports with educational institutions, researchers, IDEA and other policy-makers, parents and third party contractors?
- What procedures are in place to ensure that PII is not inadvertently disclosed in public aggregate reports?
- Which office or individuals are responsible for ensuring that only de-identified data are made publicly available?
When analyzing the privacy and confidentiality requirements for children with disabilities, it is critical to begin by examining the IDEA requirements first. If you or members of your staff have questions, please contact your State Lead in OSERS Office of Special Education Program’s (OSEP) Monitoring and State Improvement Planning Division.
- Like IDEA, the Every Student Succeeds Act (Public Law 114-95) also supports the protection of student data. ESSA requires each state to create a plan for its statewide accountability system. State plans must specify a single value as the minimum number of students to report statistically sound data for students within a subgroup, while also protecting personally identifiable information of each student. Section 1111(c)(3)(A)(i-iii)
- Data De-identification: An Overview of Basic Terms (Updated in October 2012)
- Best Practices for Determining Subgroup Size in Accountability Systems While Protecting Personally Identifiable Student Information
Public Reporting Policy Template
Use, and modify as needed, the template linked below for developing a public reporting policy. Select the highlighted text and replace with your state/program information. We recommend that you consult with relevant staff and stakeholders when developing these policies. Upon completing the template, be sure to follow your state’s processes for finalizing and enacting policy.