Statutes, codes, and regulations
Missouri Administrative Code
Title 5 - DEPARTMENT OF ELEMENTARY AND SECONDARY EDUCATIONDivision 20 - Division of Learning Services
Chapter 700 - Office of Data System Management
Section 5 CSR 20-700.100 - Statewide Longitudinal Data System

Mo. Code Regs. tit. 5 § 20-700.100

Download
PDF
Current through Register Vol. 49, No. 18, September 16, 2024
Section 5 CSR 20-700.100 - Statewide Longitudinal Data System

PURPOSE: This proposed amendment adds language to ensure the rule covers all confidential information maintained by the department and to clarify the data sharing agreement.

(1) Data Inventory.
(A) The Department of Elementary of Secondary Education (department) annually publishes an inventory of student data collected and posted on the department's website.
(B) The department shall annually notify the governor, president pro tempore of the senate, the speaker of the house, and the joint committee on education any changes to existing data elements.
(2) Data Access and Management Policies.
(A) The department adheres to the confidentiality requirements of all state and federal laws relating to confidentiality of student records and confidentiality of individually identifiable personal records generally. The department's policies include:
1. Defining privacy, confidentiality, personally identifiable information, disclosure, access, and confidential data; and
2. Maintaining adequate privacy and confidentiality protections; including the assignment of a unique student identifier, data security, restricted access, and reasonable statistical disclosure.
(3) Data Requests.
(A) Requests must be submitted to the department in writing including, but not limited to, what data are being requested, the purpose of the request, for whom the study is being conducted, and how the requestor will ensure data confidentiality and security. Requests including student level data will require a Memorandum of Agreement (MOA) and research IDs will be created for all records.
(B) All recipients/users of the requested information must sign a MOA that includes:
1. Introduction and Relationship;
2. Purpose of the Data Sharing Agreement;
3. Data Being Requested;
4. Scope of Activities;
5. Participant Non-disclosure;
6. Confidentiality/Redisclosure;
7. Data Access/Storage/Disposal;
8. Release of Analyses;
9. Right to Audit; and
10. Agreement Period, Amendment, and Termination.
(4) Data Security Plan. The department, in cooperation with the Office of Administration Information Technology Service Division (OA-ITSD), reviews and maintains the data security plan. This includes, but is not limited to:
(A) Guidelines for authentication of authorized access;
(B) Privacy compliance standards;
(C) Privacy security audits;
(D) Breach planning, notification, and procedures;
(E) Data retention and disposition policies; and
(F) Data security policies including electronic, physical, and administrative safeguards.

5 CSR 20-700.100

Adopted by Missouri Register July 15, 2015/Volume 40, Number 14, effective 8/31/2015
Amended by Missouri Register February 15, 2022/Volume 47, Number 4, effective 3/31/2022