Announcing the MA DataHub - A one-stop connected and secure ecosystem
by Cedar Labs, on Aug 31, 2021 10:10:00 AM
Minneapolis, MN: Over the last decade, awareness and concerns over student data privacy issues gained attention across the United States. With 2020 came a newly heightened awareness of privacy, as nearly all students were thrown into online learning, and families had greater visibility to the technology tools their children were using. At the same time, the need for more robust interoperability has spiked as more and more technology tools are needed to provide online, hybrid, and in-person education. In Massachusetts, a partnership between the Executive Office of Education (EOE), the Student Data Privacy Consortium (SDPC), Cambridge Public Schools (CPS), and Cedar Labs was formed to address these twin needs.
The Massachusetts Data Hub is a project to create a connected and secure ecosystem, balancing the needs of privacy and interoperability in one place. The main goals of the project are to:
- Align to open data standards
- Provide an easy-to-manage toolset for districts to handle connecting their many software systems
- Leverage existing state data connections
- Meet vendors “where they are” to avoid external dependencies for project success
- Handle privacy and interoperability at the same time, in one system
Like most school districts across the country, CPS uses dozens of software systems. Like all districts in the state of Massachusetts, CPS is also required to report various student and staff data to the state’s department of education regularly throughout the year. In Massachusetts, this process of state reporting is made more efficient through a cloud-based data integration system provided by Cedar Labs. However, exchanging data with the state is just one part of the tangled mess of data connections between software systems, which school districts are responsible for maintaining. Below is a diagram of the “old way” of exchanging data.
Figure 1: A rough diagram of typical data exchange architecture in schools
MA EOE, CPS, and Cedar Labs began to explore a way to leverage the existing data connection between the district and the state to branch the flow of data not just for state reporting, but to all of the many systems that CPS needs to keep updated with current data. Because state reporting in Massachusetts is done using the open Schools Interoperability Framework (SIF) standard, this creates an opportunity for all vendors in the ecosystem to speak a shared, freely available language for data, meaning no key data elements will be left out of the picture. Similarly, because Access for Learning, the organization that provides the SIF standard, is also the parent organization for the fast-growing Student Data Privacy Consortium (SDPC), this was a perfect opportunity to realize the SDPC vision of an ecosystem that was both connected and secure, by including both data and privacy “over the wire.”
“Interoperability, without embedded privacy, actually increases risk.” reports Steve Smith, Chief Information Officer at CPS and Founder of the SDPC, “School districts need an easier way to take control of their data, both to make sure that software vendors only get access to the data they need, and to make sure those vendors acknowledge the privacy and security obligations they agreed to in their contract.”
A pilot project was designed, which took advantage of Cedar Labs’ “hub and spoke” architecture to branch this state reporting data connection and create an easy-to-manage data integration platform for school districts. CPS began approaching vendors to participate in the pilot project. However, they quickly ran into roadblocks - vendors either were strapped for time and resources and unwilling to deviate to adopt an open standard for importing data, or vendors reported that they followed an open standard but in actuality, the vendors required significant adaptations to that standard in order to exchange data. Yet again, the bulk of the effort for data integration was being left to the school district to manage.
However, Cedar Labs technology includes the ability to transform data, in real-time, between different and otherwise incompatible data formats. So, Cedar Labs employed this technology to create a data hub service that districts can easily manage. The Data Hub leverages the open standards that districts are using to communicate data for state reporting but doesn’t mandate that vendors consuming data also subscribe to these standards. This “meet them where they are” approach reduces the risk to CPS because the district is no longer dependent on vendors being willing to make changes to their systems in order to participate. Data are translated in real-time, as they are exchanged between systems, and the “hub and spoke” approach still means that districts connect to each system only once, rather than having to manage multiple connections to each software system that consumes or shares data with multiple other systems. Below is a diagram showing how the “district hub” and the “state hub” work in tandem to provide data to all the various software systems that both the district and the state need to exchange data with.
Figure 2: Massachusetts Data Hub
Because this centralized system can flexibly manage all the district’s data connections, it can also provide a privacy layer that blankets all of the district’s handling of confidential student information. Cedar Labs, in partnership with Access for Learning (A4L) and the SDPC, built privacy directly into the Data Hub. Districts can continue to manage their contracts using the SDPC Registry, and the Registry’s open API provides this information to the Data Hub. In addition to giving the district a single place to go to manage both data interoperability and privacy, the Data Hub also allows privacy-focused vendors to participate in the exchange of the Privacy Obligation Document (POD). The POD is a separate set of metadata, that communicates the specifics of the privacy obligations each vendor is contractually bound to and ensures acknowledgment of those obligations by the vendor before they receive data. This split-second exchange and acknowledgment provide school districts, students, and parents with the assurance that their data privacy will be protected.
PODs contain all the required privacy metadata in a standard, industry-accepted format. These obligations are driven by national and state laws as well as local requirements. The obligations are driven by Data Privacy Agreements (DPAs) executed by and between the LEA and Provider. The DPAs contain references to all applicable state and federal laws, technical obligations, and security requirements where applicable. This will ensure that privacy and interoperability can be managed at the same time, bringing much-needed support to districts trying to keep up with the demands of exchanging data across their growing software infrastructure, while protecting the privacy of sensitive student, parent, and staff information.
Steps are underway to extend this technology to districts across Massachusetts, and then the country.
About Cedar Labs: Cedar Labs is an education software company based in Minneapolis, MN, focusing on education data integration and data privacy. Founded by educators in 2013, Cedar Labs serves over 3 million students across the globe, and supports the open standards and privacy movements in education through its leadership in organizations such as A4L and SDPC.
About Cambridge Public Schools: Educating about 8,000 students JK-12, the Cambridge Public Schools includes award-winning faculty, cutting edge technology, and innovative programs. While each of our public schools is unique, they are joined in a shared vision of rigorous, joyful, and culturally responsive learning plus personalized support for every student. Over 30% of CPS students speak a language other than English at home, and over 65 languages are spoken by our families. Among the most common are Spanish, Haitian Creole, Amharic, Arabic, Bengali, Chinese, and Portuguese. Our schools proudly embrace this diversity.
About the Student Data Privacy Consortium (SDPC): The SDPC is a unique collaborative of schools, districts, regional, territories and state agencies, policymakers, trade organizations, and marketplace providers addressing real-world, adaptable, and implementable solutions to growing data privacy concerns. The Consortium also leverages work done by numerous partner organizations but focuses on issues being faced by “on-the-ground” practitioners.
For more information, contact: