Mo. Code Regs. Ann. tit. 5, § 20-700.100
Statewide Longitudinal Data System
Effective Mar 30, 2022sections 161.092 and 161.096, RSMo 2016.* Original rule filed Jan. 22, 2015, effective Aug. 30, 2015. Amended: Filed Aug. 18, 2021, effective March 30, 2022. *Original authority: 161.092, RSMo 1963, amended 1973, 2002, 2003, 2013, 2014, and 161.096, RSMo 2014Division of Learning Services
PURPOSE: This rule explains the data collected by the Department of Elementary and Secondary Education within the statewide longitudinal data system commonly known as the Missouri Comprehensive Data System (MCDS). The rule also addresses the procedures that are used to ensure the confidentiality of student records maintained in the MCDS.
(1) Data Inventory.
- (A) The Department of Elementary of Secondary Education (department) annually publishes an inventory of student data collected and posted on the department’s website.
- (B) The department shall annually notify the governor, president pro tempore of the senate, the speaker of the house, and the joint committee on education of any changes to existing data elements.
(2) Data Access and Management Policies.
(A) The department adheres to the confidentiality requirements of all state and federal laws relating to confidentiality of student records and confidentiality of individually identifiable personal records generally. The department’s policies include:
- 1. Defining privacy, confidentiality, per-
sonally identifiable information, disclosure, access, and confidential data; and
- 2. Maintaining adequate privacy and
confidentiality protections; including, the assignment of a unique student identifier, data security, restricted access, and reasonable statistical disclosure.
(3) Data Requests.
- (A) Requests must be submitted to the department in writing including, but not limited to, what data are being requested, the purpose of the request, for whom the study is being conducted, and how the requestor will ensure data confidentiality and security. Requests including student level data will require a Memorandum of Agreement (MOA) and research IDs will be created for all records.
(B) All recipients/users of the requested information must sign a MOA that includes:
- 1. Introduction and Relationship;
- 2. Purpose of the Data Sharing 5 CSR 20-700
Agreement;
- 3. Data Being Requested;
- 4. Scope of Activities;
- 5. Participant Non-disclosure;
- 6. Confidentiality/Redisclosure;
- 7. Data Access/Storage/Disposal;
- 8. Release of Analyses;
- 9. Right to Audit; and
- 10. Agreement Period, Amendment, and
Termination.
(4) Data Security Plan. The department, in cooperation with the Office of Administration Information Technology Service Division (OA- ITSD), reviews and maintains the data security plan. This includes, but is not limited to:
- (A) Guidelines for authentication of authorized access;
- (B) Privacy compliance standards;
- (C) Privacy security audits;
- (D) Breach planning, notification, and procedures;
- (E) Data retention and disposition policies; and
- (F) Data security policies including electronic, physical, and administrative safeguards.
AUTHORITY: sections 161.092 and 161.096, RSMo 2016.* Original rule filed Jan. 22, 2015, effective Aug. 30, 2015. Amended: Filed Aug. 18, 2021, effective March 30, 2022. *Original authority: 161.092, RSMo 1963, amended 1973, 2002, 2003, 2013, 2014, and 161.096, RSMo 2014.