Stakeholder Knowledge: Data Privacy & Confidentiality

Data Privacy icon

The use of high-quality data enables policymakers, administrators, service providers, families, and other stakeholders to examine how well Individuals with Disabilities Education Act (IDEA) programs are improving outcomes for children and families. Stakeholders need to be knowledgeable about data privacy and confidentiality requirements to understand the implications of these regulations for how data are collected, stored, shared, and reported.

In this section, you will learn about:

  • the data confidentiality requirements for programs under the IDEA and the Family Education Rights and Privacy Act (FERPA); and
  • the efforts states must take to reduce the risk of disclosure of personally identifiable information (PII) to protect the privacy of children and families.

What do I need to know?

Download a PDF version of this section.

How do I build my knowledge?

Although originally developed for families of school-age children, this video from the U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) and the Family Policy Compliance Office provides an overview of the types of questions that Part C and Part B 619 stakeholders can ask their state agency partners about the data they collect and maintain.

How do I apply this to my state?

For a variety of purposes, including to meet federal requirements, IDEA lead agencies publish aggregated child/student data in tables. For example, Part C and Part B 619 programs often share tables that show child outcomes data by various subgroups, such as race/ethnicity. The table below could be a table with data from a local program.

In this example, the table contains information for subgroups with small numbers of children, i.e., it contains numerous cells with only one or two children in them. This table would be considered to contain PII because someone familiar with the program might be able identify the children within those small cells based on one or more characteristics. To comply with the privacy and confidentiality requirements of IDEA and FERPA, the lead agency would need to apply disclosure avoidance techniques before releasing this table to the public. This means that they must adjust how the data are displayed in the table as an effort to reduce the risk of unauthorized or accidental communication of PII.

In the modified table below, the lead agency used one type of disclosure avoidance technique known as complementary cell suppression. In other words, all cells in the table for race/ethnicity groups that fell below a particular threshold (in this case, less than 10 children) were suppressed, or hidden. The agency then suppressed additional cells to prevent the possibility that the suppressed small cells could be re-calculated by subtracting the other reported cells from the table’s column totals. Now when you see tables in your state’s data with suppressed, or hidden, cells, you know why! And you know how important it is that state and local programs take the necessary steps to protect PII from being inadvertently revealed when reporting data. When serving on advisory groups, you may want to ask what disclosure avoidance methodology has been applied to release of data in your state, and how it may impact the use of the public data. See PTAC’s FAQ on Disclosure Avoidance for more information.

What are some related resources?