Afterschool management information systems (MIS) process and store a tremendous amount of information on youth participants in order to improve policy, programs, and direct service. To implement and maintain such as system, however, those leading an MIS initiative must assure students, parents, and each of the project partners that they are responsible stewards of this sensitive information. In practice, this means providing guarantees that the data in the system are "fit for purpose" and that every reasonable precaution has been taken to prevent their misuse. Section 3 on Data Stewardship: How to Protect and Share Information (pdf) offers guidance on privacy and security issues in establishing an afterschool MIS.
There are three primary strategies that cities use to protect students' privacy as they negotiate with schools to receive access to student academic data for the purposes of evaluating and improving afterschool programs:
The first two strategies are most useful for evaluating programs and overall youth outcomes. However, if the afterschool partnership would like to allow providers access to individual student data for purposes of case management, prior written consent from each student's parent or guardian is required. These three strategies are not mutually exclusive, and each is described in more detail in the full report.
Security is the enforcement of a privacy agreement. The assurances made to students, parents, and data partners that their confidentiality will be protected are only as credible as the ability of the coordinating entity to enforce them, and the trust between local partners can be permanently broken by negligence, malfeasance or the unauthorized re-disclosure of private information. MI systems present a new set of risks in this regard, but also provide a set of tools for managing these risks. City leaders often provide the following safeguards: