Data Governance
Delaware Administrative Code
Delaware Administrative Code
200 Administration and Operations 294 Data Governance 1.0 Purpose The purpose of this regulation is to outline the criteria and process for interagency data governance and the conduction of evaluation, audits, and studies pursuant to 14 Del.C. §§121 , 122 and 4111. 29 DE Reg. 305 (10/01/25) 2.0 Definitions The words and terms, when used in this regulation, shall have the following meaning: " Department " means the Delaware Department of Education. " Longitudinal data system " means a structure and mechanism for the storage, description, management and reporting of discrete data elements and bodies of information over time. " Personally identifiable information " means information which, alone or in combination with other information, can be used to distinguish or trace an individual's identity and shall include the names and addresses of students, parents or other family members, and personal identifiers such as social security or student numbers. " P-20 Council " means the council established by 14 Del.C. §107 to coordinate educational efforts of publicly-funded programs from early care through higher education and to foster partnerships among groups concerned with public education. " Research agenda " means a roster of research questions that require shared data elements and subject to periodic review and revision. Research questions may reflect federal and state reporting requirements or may be discretionary. 29 DE Reg. 305 (10/01/25) 3.0 Longitudinal Data System Governance The longitudinal data system developed and administered by the Department is governed by the Delaware P-20 Council Data Governance Handbook, initially approved by the P-20 Council on January 10, 2012, and as may be amended from time to time. 29 DE Reg. 305 (10/01/25) 4.0 Acquisition, Use, and Disposal of Data 4.1 The Department shall collect and maintain data, including personally identifiable information, in compliance with its rights and obligations under federal and state laws. 4.2 The Department shall provide data, including personally identifiable information, to implement applicable research agendas established by the P-20 Council. 4.3 When a research agenda is established by the P-20 Council which requires the use of personally identifiable information from data collected and maintained or to be collected and maintained by the Department, a written agreement in the form prescribed by the Department shall be entered. 4.3.1 If the research agenda is to conduct a study for or on behalf of school, school district or postsecondary institutions it must be for the purpose of: improving instruction; developing, validating, or administering predictive tests; or administering student aid programs. In the case of such a study, the written agreement shall, at a minimum, do the following: 4.3.1.1 Specify the purpose, scope and duration of the study and the information to be disclosed; and 4.3.1.2 Require the organization to: use personally identifiable information only to meet the purpose of the study; limit access to personally identifiable information to those with legitimate interests; and destroy any personally identifiable information upon completion of the study and specify the time period in which the information must be destroyed. 4.3.2 If the research agenda is to conduct an audit or evaluation of a Federal or State supported education program or to enforce or comply with Federal legal requirements that relate to those education programs, as defined by the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232(g) and its implementing regulations at 34 CFR part 99, the written agreement shall, at a minimum, do the following: 4.3.2.1 Designate an authorized representative; and 4.3.2.2 Specify what personally identifiable information will be disclosed and for what purpose, which purpose shall be one allowable under the provisions of the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232(g) and its implementing regulations at 34 CFR part 99; and 4.3.2.3 Describe the activity to make clear it falls within an allowable purpose; and 4.3.2.4 Require the authorized representative to destroy personally identifiable information upon completion of the evaluation and specify the time period in which the information must be destroyed; and 4.3.2.5 Include policies and procedures to protect personally identifiable information from further disclosure and unauthorized use. 4.4 Any written agreement entered under this regulation shall prohibit modification or amendment except by written agreement duly executed by the parties to that agreement. 29 DE Reg. 305 (10/01/25) 16 DE Reg. 67 (07/01/12) 29 DE Reg. 305 (10/01/25)
Ask CiteLaw's AI Navigator anything about this regulation, verify citations, and research related authorities. Sign up for CiteLaw free today to get started.