You are here

II. Data Privacy

AEI is committed supporting grantees in their safe and secure collection, storage, and sharing of learner data following state and federal laws and guidelines. The LACES data system, a secure platform for housing learner data, is provided to grantees as one means of support.

Grantees should be familiar with the following applicable laws regarding data privacy:

Grantees who are Local Education Agencies (LEA) and Public Education Entities must pay particular attention to the Colorado State Student Data Transparency and Security Act as that law applies to their organizations.

Protecting learner Personally Identifiable Information (PII) is the focus of the laws listed above. PII includes, but is not limited to: the student's name; the name of the student's parent or other family members; the address of the student or student's family; a personal identifier, such as the student's social security number, student number, or biometric record; other indirect identifiers, such as the student's date of birth, place of birth, or mother's maiden name; other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates. 

PII also means a dataset that is linked to a specific individual and that would allow a reasonable person in a school community, who does not have knowledge of the relevant circumstances, to identify the individual with reasonable certainty.

Note: Workforce Innovation and Opportunity Act (WIOA) data reporting in LACES to CDE does NOT require learner consent for sharing PII, including sharing social security numbers, under FERPA’s audit and evaluation exemption.1

When a grantee wishes to share learner PII, they must do so in a manner that follows the requirements in the above laws. Often consent to share learner PII is collected during orientation and intake via disclosure forms. Consent or disclosure agreement forms for learner PII should:

  • Identify the information being disclosed
  • Include the specific purposes for which the information is sought and a statement that the information will only be used for those purposes
  • Include a list of all the parties that will have access to the information being provided
  • Use one form per use of PII
  • State PII retention/destruction processes; if the data is retained, explain why
  • Only include data elements that will be used for the purpose named
  • Identify the laws applicable for collecting the information (if any) and to the use and protection of data
  • State that information is released with the individual’s full consent
  • Provide the form in the individual’s native language
  • Be signed; wet signature is best
    • Individuals under 18 must also get parent/guardian signature

Grantees using PII consent forms/disclosure agreements may save these document in the documents section of the learner record in LACES. LACES also features a “Data Sharing Agreed” checkbox on the student intake screen which may be used locally to easily identify which learners have completed signed forms to share PII.

1FERPA permits schools to disclose PII from students’ education records, without consent, to authorized representatives of State and local educational authorities, the Secretary of Education, the Comptroller General of the United States, and the Attorney General of the United States for specified purposes. Disclosures may be made under this exception as necessary in connection with the audit or evaluation of Federal or State supported education programs, or in connection with the enforcement of Federal legal requirements that relate to those program. 34 CFR §§ 99.31(a)(3) and 99.35.