Privacy and Security
The security and privacy of data in the Maryland Longitudinal Data System is the highest priority of the MLDS Governing Board, the Center, and its staff. Security and privacy are maintained by:
- Strict adherence to legal limitations placed on system access and use;
- A system design that secures and limits access to personally identifiable data; and
- Ongoing compliance with security requirements developed by the Governing Board.
How does MLDS process data?
The Maryland Longitudinal Data System (MLDS) is a new system to track student achievement and educational outcomes. MLDS connects student data from across Maryland’s education and workforce agencies to provide a more complete picture of the progress students are making as they more from Pre-K through grades K-12 and into higher education and the workforce.
MLDS makes it possible to monitor student performance as well as track statewide educational trends over the long term - providing a variety of data that can be utilized to improve student outcomes, school practice, and education policy.
Ultimately, MLDS allows us to see where students have come from, where they are going, and what they need to be fully prepared to succeed in college and the workforce.
What kinds of data are being collected by MLDS?
The following are the types of data being collected by the MLDS Center.
- Courses taken
- Grades achieved
- Test results
- Participation
- Persistence and completion
- Grade point average
- Transitions
- Degree, diploma, or credential attainment
- Enrollment
- Demographic data
- Employment status
- Wage information
- Type of employment
Where does the data come from?
- Maryland State Department of Education;
- Maryland Higher Education Commission;
- Maryland Department of Labor;
- Maryland Department of Juvenile Services
- Maryland Department of Human Services; and
- External Data Sources.
Does the data include personally identifiable information about students and workers?
Yes. The records collected do include personally identifiable information (PII), on students and workers. Personally identifiable information includes name, address, date of birth, identification number, and other information that identifies an individual. MLDS Center only uses this data for the purpose of linking an individual’s records from the different data sources. Once the records are matched, the PII data is removed and replaced by a randomly assigned token. All research will be done using de-identified data. All reporting of the results of the research will be done using de-identified, aggregate data with additional data suppression rules applied.
Does the Family Educational Rights and Privacy Act (FERPA) permit this information to be gathered, de-identified, aggregated and studied by a State agency?
The Family Educational Rights and Privacy Act (FERPA), set forth in Title 20 U.S.C. § 1232g, and its regulations, 34 C.F.R. § 99.1 et seq. generally prohibits the disclosure of a student’s personally identifiable information without prior consent, with limited exceptions. One of the exceptions, set forth at 34 C.F.R. §99.35 allows for the distribution of a student’s personally identifiable information to authorized representatives of state authorities for the purpose of auditing or evaluating Federal or State supported education programs or for complying with Federal legal requirements that relate to those programs.
The MLDSC is an independent education agency within Maryland government. The MLDS Center has entered into written agreements with MSDE, MHEC, Labor and DJS which specify that the MLDS Center is the authorized representative of those agencies for purposes of receiving the educational data governed by FERPA. Second, the MLDS Center has entered into agreements with MSDE, MHEC, Labor and DJS that specifies that the data transferred by the agencies may only be used for audit and evaluation purposes consistent with State and Federal law.
Does State and/or Federal law permit workforce information collected by one State agency to be gathered, de-identified, aggregated, and studied by another State agency?
State and Federal laws and regulations govern the confidentiality and security of the workforce data transferred to the MLDS by Labor. Specifically, disclosure of confidential unemployment insurance information is generally prohibited under both State and federal law. Maryland Code, § 8-625(d) of the Labor & Employment Article, §§4-101 et seq. of the General Provisions Article, and 20 C.F.R. Part 603. However, Maryland Code, § 8-625(d) of the Labor & Employment Article authorizes Labor to share wage information with public officials in the performance of public duties. In addition, subject to confidentiality restrictions found in 20 CFR Part 603, Labor is permitted to transfer Claimant Demographic Information and Employer Information, to a public official in the performance of official duties. The MLDS Center, as an independent State agency, is a public official for purposes of the data transfer.
Is the data secure?
The security and privacy of personally identifiable data in the Maryland Longitudinal Data System is the highest priority of the MLDS Governing Board, the Center and its staff. Security and privacy are maintained by:
- Strict adherence to legal limitations placed on system access and use;
- A system design that secures and limits access to personally identifiable data; and
- Ongoing compliance with security requirements developed by the Governing Board.
System Access and Usage Limitations
Maryland law establishes important restrictions on access to and use of the data in the MLDS. These restrictions provide important privacy and security assurances, including:
- Direct access to data in the MLDS is limited to authorized staff of the Center;
- Staff members who access the MLDS for research and reporting purposes only have access to and are only permitted to use de-identified data.
- The Center may only use aggregate data in the reports, analyses, and website dashboards that it creates and in response to data requests.
- Aggregated data that may potentially be identifiable based on the size or uniqueness of the population under consideration may not be reported in any form by the Center.
- The Center may not release information that may not be disclosed under the federal Family Educational Rights and Privacy Act and other relevant privacy laws and policies.
System Design
As stated above, the MLDS Center does not use personally identifiable student or workforce data when conducting research or creating reports and public information. However, the Center does collect and maintain personally identifiable student and workforce data for the limited purpose of matching data from various sources over time - for example, PII data is necessary to link a student’s records from K-12 education to his or her college records to available workforce records.
This matching process takes place in a secure server, referred to as the Master Data Management System (MDM). Personally identifiable data in the MDM is both deconstructed and encrypted. Once the personally identifiable data match has been established in the MDM, the personally identifiable data is stripped and a randomly generated identification token is assigned. The de-identified record is then transferred to another server (referred to as the Operational Data Store or ODS), along with the transactional data (i.e. grades, classes, degree, employment status, and salary). During the transfer to the ODS, secondary de-identification is done by replacing the original token with multiple tokens. This prevents anyone from using an ODS identifier (token) to explore information in the MDM. The data matching process in the MDM is highly automated. This means that access to the MDM and the personally identifiable data can be restricted to a single service with no user access, unless emergency or utility processes requires it. Also, because the need to access this system is so limited, the MDM can be set up behind very restrictive firewalls and limited network connections. The ODS system, which has only de-identified information has slightly broader access, but is still limited to only staff of the MLDS Center. The ODS is used by the Center staff for research, analysis, reporting, and creation of information for this website. Public information released by the MLDS Center is only aggregate, de-identified data.
Security is Ongoing
MLDS Center recognizes that security is an ongoing process that requires constant attention, training, and vigilance. To this end, the Center requires:
- Mandatory security audits;
- Vulnerability testing by independent 3rd parties;
- Security and privacy training of staff;
- Ongoing compliance with the requirements of the Data Security and Safeguarding Plan;
- The establishment of an inter-agency Data Governance Advisory Board;
- Security background checks of all Center staff; and
- Required signature and compliance with non-disclosure agreements by staff.