Statements on the Protection of Confidential Personally Identifiable Information
State Report ManagerTM (SRM) and Vertical Reporting FrameworkTM (VRF) may be implemented to exchange personally identifiable information (PII) between education agencies (e.g., schools and their state education agency). Exchanges are conducted using secure, encrypted protocols with certificates. Data governance policies and procedures follow all applicable federal and state laws and regulations. ESP provides the SRM and VRF software programs and support within the state education agency’s secure environment. PII remain within that environment.
EDFacts Shared State Solution (ES3) is an aggregate data reporting system between state education agencies and the U.S. Department of Education (USED). ESP provides the software and support, and all transactions occur at the state education agency. Small cells may present an opportunity in some states for identification of personally identifiable information (PII). USED masks small cells before public reports are published.
DataSpecs® is a metadata management application that does not collect personally identifiable information (PII) for individuals. As such, the provisions of FERPA, HIPAA, COPPA, CIPA, and PPRA are not applicable to the contents of DataSpecs®. DataSpecs® Enterprise Edition accommodates the documentation of individual data elements within collections, repositories, and outputs/reports. Those data elements may describe PII, but will not contain the actual data for an individual.