Student Data Privacy

  • Protecting student data is a top priority in the Kettle Moraine School District.

    Student data is used to understand how well students are performing and enhances our ability to personalize learning for students. School districts have always collected data on students. Instead of paper files, much of that data is now collected through computers and online resources. While the systems for organizing and managing this information have changed over the years, the Kettle Moraine School District’s commitment to confidentiality remains the same.

    In addition to our efforts to ensure student data privacy, there are state and federal laws regulating what data can be collected about students, and how and who can use that data. Here is more information about the law:

    Please review the content below for more information. If you have questions, please contact 
    KMSD Director of Technology Services Bob Boyd at 262-968-6300 ext. 5351. Mr. Boyd is available to answer any specific questions parents or community members have about student data privacy. He is a well-known leader in the school technology field, and holds the following credentials / positions of leadership:

    • Certified Education Technology Leader, COSN
    • Wisconsin Association of School Board Representative - State Superintendent’s Education Data Advisory Council
    • Member - Consortium for School Networking
    • Operations Board Member, Past President - WiseDash Local Data Warehousing Consortium

Top 10 Things to Know about Student Data

  • 1 - The Kettle Moraine School District takes our responsibility seriously to keep information about your child safe and secure.


    2 - Strict privacy and security practices in our school district, as well as state and federal student data privacy laws, protect your child’s data. These laws limit what kind of data can be collected and restrict sharing of that data. There are punishments and penalties in place for misusing student data or breaking these laws and policies.


    3 - Access to data in our school district is restricted to users only. Users, including service providers to the district, are only given access to the data they need to do their jobs.


    4 - Our educators are trained and are committed to protecting your child’s data.


    5 - Student data allows our teachers to personalize learning for your child and helps ensure he/she succeeds in school and beyond.


    6 - Data helps provide an accurate and up-to-date view of how our schools, teachers and students are performing.


    7 - You can ask for your child’s educational record at any time.

FAQ on Student Data Privacy

  • What kind of data is collected about students?

    KMSD collects demographic information (names, parents’ or guardians’ names, address, gender, date of birth etc.) as well as information such as test scores, assignments, grades, attendance, program and service eligibility, graduation and remediation rates and discipline. Some additional data about students we may collect includes student use of school provided software, networks and technology devices, as well as use of school provided communication services (Google Apps for Education.)


    How is student data used?

    • Administrative - Student registration, course scheduling, counseling, attendance, school lunch program, transportation services
    • Instructional - Homework assignments, instructional tools and learning apps, working collaboratively online, engaging with teachers and classmates, tailored course information, support services
    • Assessment & Measurement - Measuring the quality of education, standardized tests, course assessments, reshaping classroom materials, measuring effectiveness of student learning


    What is the difference between personally identifiable data, de-identified and aggregate data?

    • Personally identifiable information refers to any information that could identify your child. This includes, but is not limited to: their name, parent or family members’ names, address of student or family, birth date, email address, telephone number, social security number, geolocation information, screen names, usernames, photographs and videos.
    • De-identified data refers to the process of anonymizing, removing or obscuring any personally identifiable information from student data to prevent the unintended disclosure of the identity of the student and information about him/her.
    • Aggregated data is summarized information about a group of students and does not include any identifiable information on individual students.


    Who has access to data about my child?

    The Kettle Moraine School District’s practices limit access to personally identifiable data based on an individual’s role within the district and what is referred to as their “legitimate educational interest” in information about a student. For instance, a bus driver needs to know a child’s address and possibly limited health information in order to get students home safely, but access to information about student test scores is not needed for the bus driver to properly carry out his or her job.


    Teachers, principals and other administrators will have access to the widest range of information about your child in order to monitor their progress in school. Outside service providers to the school receive only the information about your child needed to provide particular services. This could mean letting a tutor know what a child needs help on or providing a student’s name to a math software company so the child can log in and their teacher can monitor their progress.


    School board members, the state department of education and the U.S. Department of Education receive aggregated information that allows them to understand how our schools are performing and make decisions about programs and resources. Personally identifiable information may be shared in limited situations such as to review appeals of school decisions or to audit and monitor programs.


    Who is responsible for protecting student data?

    Our schools and district administrators closely safeguard education records and the personally identifiable information that make up those records. Access to this data is restricted to trained, qualified individuals who only have access to the specific data they need in order to do their jobs.


    What kind of security measures are used?

    Protection of student data is a many faceted operation and the responsibility for securing student data is shared by all staff members in the Kettle Moraine School District. The District has taken many steps outlined in the COSN Privacy Toolkit. As part of the district’s membership in the League of Innovative Schools, we participate in the data interoperability/privacy workgroup and are participating in Project Unicorn.


    As part of our data interoperability work, KMSD has established an Online Subscription review process, by which all online tools that require student data are reviewed prior to their use being authorized for the classroom. The review process includes linkage to educational goals, what data evidence will be used to determine the efficacy of the tool, a strict review of the data privacy policy for the tool provider, and review by the Director of Technology Services of the data being sent to the online resource. The guideline is to send the least amount of information to the online resource as possible, without impacting the efficacy of the tool. If a resource does not meet the standards of this Student Privacy Pledge, it is not approved for use.


    Ongoing professional development for all staff around data security is provided. KMSD uses the online course content from KnowBe4 to increase our staff’s knowledge about online safety and security. Our Student Information System (Infinite Campus) is tied to our Active Directory system to ensure that only those staff members who require access to student information are enabled. For data leakage, KMSD has a subscription to Cisco Cloudlock which monitors our staff and student activity on Google Drive. This system alerts the Director of Technology Services if personally identifiable information, FERPA data, or IEP information is exposed through any Google document.


    Additionally, to prevent cyber attacks, KMSD has the following measures and resources in place:

    • Industry-leading firewall on all outbound network connections
    • Member of Multi-State Information Sharing and Analysis Center (MS-ISAC)
    • Member of Homeland Security Information Network (HSIN)
    • Participant in multiple educational groups around data privacy, including the Student Data Privacy Pledge, Project Unicorn, League of Innovative Schools Data Interoperability Collaborative


    Are there existing laws that protect student data?

    Yes, there are multiple federal and state laws that are designed to protect student data and prohibit any misuse. If student information is misused or compromised, school districts, including Kettle Moraine, can be subject to strict penalties.


    COSN’s Privacy Toolkit provides a detailed review of the types of data that need to be protected under federal law, with a focus on FERPA and the Protection of Pupil Rights Amendment (PPRA). The US Department of Education administers the FERPA law and provides extensive resources for districts at The Children's Online Privacy Protection Act (COPPA) is a federal law regarding the online collection of personal information from children under the age of 13. It details what must be included in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online, including restrictions on marketing to children under 13. This law is intended to provide protection for students and their personally identifiable information when accessing websites or other online resources.


    How do schools hold outside service providers accountable for maintaining the confidentiality of the student data they receive?

    Our school district is responsible for holding outside service providers accountable and ensuring they have the appropriate protections in place to safeguard the student data they receive. Our contracts with services providers include protections. And, just like any member of the school/school district staff or faculty, outside service providers are expected to adhere to our student data privacy practices. Companies working with the schools and the district are only permitted to use student information for its authorized purpose. Any misuse of the data would constitute a breach of contract and may also violate state and federal laws, which may result in penalties.


    Who owns student data?

    Our schools and district retain ownership of student data and are the stewards of this data.


    Can parents access their child’s education records and the digital tools they use?

    Yes. Under federal law, parents have the right to review their child’s education records. Please contact your school administrator to request a copy of your child’s records. If you wish to learn more and access the digital tools used in your child’s classroom, please contact his/her teacher.