Carroll County Public Schools is seeking to revise its student data governance policy to be “comprehensive” and to serve as a framework that can be built on in the future.
The proposed policy, presented to the Board of Education at its July 10 meeting, sets up the committees that will be in charge of creating a plan with specifics. The policy is out for public comment until August.
Once the groundwork is set, a “fully matured” data governance policy will include response plans for privacy and security incidents, procedures for permitting access to data, and procedures for vetting sites and applications used by CCPS.
CCPS wants to look at data’s entire life cycle, from when it is created to when it is legally destroyed. In between, the goal is to set clear expectations on who has access to it and how it is protected, he said.
During Wednesday’s meeting, board President Donna Sivigny asked whether CCPS was taking on the task of creating a new data policy because the previous ones were found to be lacking.
Bricca said that the state compliance agency had asked for CCPS’s data policy last year when it reviewed the school system’s reporting of graduation rates.
The Office of Compliance and Monitoring recommended that CCPS develop written policies, and identify a data management team and data stewards related specifically to grading- and graduation-related data.
But a number of other factors went into the decision to make a new data policy, he said. One was the system’s own strategic planning process and another was legislation passed in 2018 in the Maryland General Assembly.
“Most of the requirement is related specifically to student data governance,” Bricca said.
But what CCPS is proposing will look at figures on other levels too, including administrative and human resources data. In a memo to the board, CCPS staff lays out the importance of management policies for all data:
“While the need to establish written policy and procedure related to specific student data is clear, the need to establish written policy and procedure related to all CCPS data is no less important. For example, best practices in the fields of Human Resources and Financial Management also point to the need for documented data governance programs,” it reads.
Sivigny did not respond by Tuesday evening to a request for comment on the new policy.
The seven-person Data Policy Committee was established by Superintendent Steven Lockard in April and is designed to be the “broad level of executive leadership” that ensures that the policy meets the requirements of the law and the expectations of the school system.
Under that is the Data Governance Committee, which is on the level of the superintendent’s executive leadership team. That committee will be a permanent new task for appointed CCPS staff, in charge of maintaining and enforcing standards.
Then, Bricca said, “Ultimately, the responsibility for implementing the data policies would fall to data stewards.”
“That’s something that on the whole, particularly in a formal manner, we don’t have data stewards throughout our system,” he said. “We have people we assume. And we have people with job descriptions that talk about making sure that they are overseeing the use of the data, but we haven’t really identified them specifically as data stewards.”
Bricca spoke about Public Information Act requests as an example where the data policy would be used. It would define a data steward who would make the judgement of what data to disclose under the PIA.
This level of specificity still needs to be fleshed out, he said. The data committees will be responsible for developing and implementing that specific plan. A draft of that plan will come before the Board of Education when the committee has created it.
This will be a significant project over the next year, Bricca said.
So far, Carroll’s Data Policy Committee has looked at best practices from other federal, state and even other county sources as models.
The board had the option to hold off on the policy and wait for additional guidance from the state. But Bricca said that it did not seem like the state was poised to make a model policy, and instead would continue to point to best practices.
‘We’re comfortable at a policy level establishing a policy because it is so broad in its direction," he said.