Data Governance Toolkit: Public Reporting

Public reporting is the publishing of information that has no restricted access. Information or data that contain personally identifying information cannot be released in public reports. Public reports are generated to: (a) meet federal reporting requirements, (b) meet state reporting requirements, (c) address local and state program accountability and improvement needs, and (d) provide information to the general public. A public reporting policy should describe methods for aggregation and de-identification of data to maintain child and family privacy as well as a process for the review of public reports to ensure compliance with these policy requirements. This section contains topical information, a packet with a considerations worksheet and a policy template, and an option to request technical assistance.

A public reporting policy should describe processes used to ensure that data meet privacy and reporting requirements prior to becoming publicly available. Reports should be tailored to specific stakeholder groups (e.g. local programs, policymakers, parents, service providers) and include their input in decisions about what reports should be developed. For example, the legislature might request annual reports on monthly referrals as compared to enrollment into the program. The state advisory council might request regular reporting on frequency of specific services based on local programs and age of children enrolled. The state agency overseeing the program may want to provide annual media releases about child outcomes. Data reports should be prepared to promote understanding of the data and inform state and local decision-making.

Under IDEA Section 618, Part C and Part B must annually report data to the U.S. Secretary of Education and the public at the times specified by the Secretary (34 CFR 303.720 and 34 CFR 300.640; 34 CFR 303.722 and 34 CFR 300.642). Additionally, states are required to report the state’s performance on its annual performance plan for Part B and for Part C (34 CFR 303.702(b)(2) and 34 CFR 300.602(b)(2)). States must also publicly report on the annual performance of local education agencies (LEAs) and early intervention service (EIS) programs on state set targets for specific priority indicators. These reports on LEAs and EIS programs must be published no later than 120 days after the state submits its statewide Annual Performance Report (APR) ((34 CFR 303.702(b)(1) and 34 CFR 300.602(b)(1)).

While IDEA requires states to publicly report state and local performance data, IDEA does not require local agencies to publicly report data. Regardless, many local agencies or programs do report IDEA data regularly. State data governance policies on IDEA public reporting would apply to reports that are developed and disseminated at the local level.

Definition
De-Identification of Data: The process of removing or obscuring any personally identifiable information from children’s education and early intervention records in a way that minimizes the risk of unintended disclosure of the identity of individuals and information about them.

De-Identified Data:
Records that have a re-identification code and have enough personally identifiable information (PII) removed or obscured so that the remaining information does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual. The re-identification code may allow the recipient to match information received from the same source.
Source: DaSy/Privacy Technical Assistance Center (PTAC)

Both IDEA and ESSA1 are clear that data publicly reported by each state must not result in disclosure of data identifiable to an individual child. States must not report to the public any data or information on performance that would result in the disclosure of PII about individual children. (34 CFR 303.702(b)(3), 34 CFR 722(a), 34 CFR 300.602(b)(3), and 34 CFR 300.642(a)). Therefore, data containing PII in public reports must be reported and displayed in ways that ensure no PII is discernible directly or through any combination of attributes (e.g., program, agency, disability category, race/ethnicity).

Establishing and adhering to clear public reporting policies and procedures will ensure the protection and the privacy of information about all children and families served under IDEA. Policies should also address protection of the privacy of information about staff working in Part C and Part B 619 programs. The IDEA regulations listed above specify that data must be publicly reported by each state in a manner that does not result in disclosure of data identifiable to individual children.

Public reporting policies should describe data de-identification methods in detail, referring or linking to relevant federal and state requirements, particularly those related to IDEA and the Family Educational Rights and Privacy Act (FERPA)2. These federal statutes and their implementing regulations generally require that parental consent be obtained prior to the disclosure of any PII. However, if data are properly de-identified, then that information may be shared publicly. To ensure successful data protection, data de-identification methods must be appropriate for the intended purpose, and that their application must follow best practices and established data governance policy3.

Part C and B 619 may find their state education agency’s (SEA) ESSA plan for its statewide accountability system is helpful for identifying the techniques for de-identification of data, establishing minimum sample size, and addressing extremes in cell size for public reporting.