Wednesday, October 21, 2015
DESE: We will stop collecting students' Social Security numbers
The Missouri Student Information System (MOSIS) received a “good” rating in a recent audit conducted by the Missouri State Auditor’s Office. The auditor’s office defines a good rating as indicating that the system is well managed, the report contains few findings, and that most or all recommendations have already been or will be implemented.
MOSIS is the Department’s student information reporting system used to collect information from school districts in order to administer state and federal programs for students and provide the public with feedback on district and charter school performance.
The findings released on Tuesday evaluated MOSIS related to data governance, as well as security and privacy controls that are designed to secure student data. The audit found no deficiencies in internal controls and “no significant noncompliance with legal provisions.”
The audit recommended the Department no longer collect social security numbers as part of the MOSIS data collection, and securely remove all data that is no longer needed. The Department agreed with the recommendation and will remove optional social security numbers in the MOSIS data collection component by June 30, 2016. Department staff agrees that this is no longer a necessary collection field as it was historically collected for determining A+ scholarship eligibility, but that responsibility now falls within the Department of Higher Education. However, the auditor acknowledged the need for SSN in certain records “because of the importance of using the data when linkages are needed to other record systems, such as across education levels within a state.” The Department will also conduct periodic reviews to ensure that any personally identifiable information collected is necessary.
Other minor recommendations include requiring school districts to review user access to MOSIS. Staff will also finalize and implement the data breach policy and update the business continuity plan.
The Department agreed with each recommendation and has already implemented some of the recommendations and is in the process of implementing other changes.