If your school, district or organization signed
a Data Sharing Agreement prior to March 1st, 2017, please complete
the Addendum to the Data Sharing Agreement. Please note that Data Sharing
Agreements signed prior to March 1st, 2017 will expire December 31st,
2017. To continue access, a signed addendum is required and can be found at http://www.ohe.state.mn.us/mPg.cfm?pageID=2148
STATE OF MINNESOTA
DATA SHARING AGREEMENT BETWEEN
THE MN OFFICE OF HIGHER EDUCATION AND
A MINNESOTA PUBLIC SCHOOL DISTRICT OR DESIGNATED ENTITY
This Agreement is entered into by the Minnesota Office of Higher Education (OHE) and __________________________________________ (Data Receiver) to share Free Application for Federal Student Aid (FAFSA) data via OHE’s FAFSA Completion Initiative website.
1. OHE is the state educational agency (SEA) responsible for collecting data on students enrolling in and completing postsecondary education. OHE is a state educational authority and has corresponding authority and responsibility to evaluate postsecondary education in Minnesota.
2. Data Receiver is a secondary school, school district, or designated entity that has an "established relationship" with the student for which the Data Receiver is receiving FAFSA Filing Status Information. An "established relationship" exists when the student is enrolled or has registered with or is receiving services from the designated entity in pursuit of postsecondary education.
Legal Authority for Data Sharing
3. OHE is authorized under the Family Education Rights and Privacy Act (FERPA), its Student Aid Internet Gateway (SAIG) Agreement with the U.S. Department of Education and Minn. Stat. § 13.32, subd. 3(e), to disclose otherwise private educational data regarding individual students to another entity in certain circumstances. OHE is a state educational authority as described in 34 C.F.R. § 99.31(a)(3). In accordance with 34 C.F.R. § 99.31(a)(6), FERPA permits state educational authorities to disclose educational records and personally identifiable information (PII) without prior student or parental consent to an authorized representative of the SEA, as defined by 34 C.F.R. § 99.3, for the purposes of auditing or evaluating Federally-supported education programs, or in connection with the enforcement of Federal legal requirements which relate to such programs: Provided, that except when collection of personally identifiable information is specifically authorized by Federal Law, any data collected by such officials shall be protected in a manner which will not permit the personal identification of students and their parents by other than those officials, and such personally identifiable data shall be destroyed when no longer needed for such audit, evaluation, or enforcement of Federal Legal requirements. Any such redisclosure must comply with the requirements of 34 C.F.R. § 99.35(a) and (b); this agreement and its provisions satisfy those requirements. Finally, this agreement complies with Minn. Stat. § 13.32, subd. 3(e), of the Minnesota Government Data Practices Act (MGDPA), which permits disclosure of private student data pursuant to FERPA.
4. Data Receiver is hereby designated as OHE’s authorized representative for purposes of auditing and evaluating Federal and State-supported educational programs by identifying students who have or will complete a FAFSA as defined by the U.S. Department of Education.
5. "Identifying information"/ "identifying data" shall refer to any data elements that could potentially identify a student or employee and includes data of birth, gender, and race/ethnicity.
6. "Confidential information"/ "confidential data" shall refer to any non-public information regarding an individual that can include the data elements from the FAFSA.
7. "FAFSA Filing Status Information" shall refer to the student’s last name, student’s first name and middle initial, student’s date of birth, the student’s zip code, if filed, the date the FAFSA form was submitted to the U.S. Department of Education, the date the U.S. Department of Education processed the FAFSA form, if applicable, a flag indicating the need for the FAFSA applicant to provide additional information, if applicable, a FAFSA completion status flag, as determined by OHE.
Purpose and Scope
8. The purpose of this Agreement is to give Data Receiver access to FAFSA Filing Status Information on students that the Data Receiver has an established relationship with for the purposes of identifying students who have or will complete a Free Application of Federal Student Aid (FAFSA). By sharing this data, OHE and Data Receiver will be able to identify those students who have not successfully filed a FAFSA form and can then better target counseling, filing help, and other resources to those students. FAFSA completion is essential for receiving Federal and State financial aid and identifying such students can promote college access and success by ensuring students have access to financial aid to fund their education, especially as schools assist students with personal learning plans under Minnesota Statute 120B.125.
9. OHE responsibilities. OHE will:
A. Maintain ownership of data provided under this Agreement. Data Receiver does not obtain any right in any of the data furnished by OHE.
B. Ensure that no identifying information will be transmitted through unsecured connections.
C. Create and maintain OHE’s FAFSA Completion Initiative website.
D. Populate the FAFSA Completion Initiative website on Data Receiver’s students on an ongoing, periodic basis consistent with this Agreement.
E. Limit data available to Data Receiver to students with whom the Data Receiver has an established relationship.
F. Provide Data Receiver a login and password to access to OHE’s FAFSA Completion Initiative website.
10. Data Receiver responsibilities. Data Receiver will:
A. Comply with the terms of this Agreement.
B. Maintain the integrity and quality of the data.
C. Maintain the operational, technical, and informational management of the data.
D. Through its Authorized Representative, approve individual staff access to OHE’s FAFSA Completion Initiative website in a manner consistent with governing data practices laws, including FERPA and Minn. Stat. § 13.32 (MGDPA). FERPA requires that the Data Receiver determine which staff members have a legitimate educational interest to the data shared under this agreement before granting access to OHE’s FAFSA Completion Initiative website. By approving an individual staff person for access to OHE’s FAFSA Completion Initiative Page 3
website, Data Receiver and its Authorized Representative assure that they have made this determination for that staff person.
E. Limit redisclosure of the confidential or identifying data under this Agreement to those within Data Receiver that need access to do the work under the Purpose and Scope of this Agreement.
F. Notify OHE in a timely manner when a staff person’s access to OHE’s FAFSA Completion Initiative website should be revoked because they no longer have a legitimate educational interest for any reason, including but not limited to change of job responsibilities or departure or termination from Data Receiver’s employment.
G. Not give others outside Data Receiver access to OHE’s FAFSA Completion Initiative website or identifying or confidential information retrieved via OHE’s FAFSA Completion Initiative website. This does not limit the rights of the student or parent to request access to their personal FAFSA Filing Status Information from the Data Receiver under FERPA or MGDPA.
Data Practices Provisions
11. OHE and Data Receiver each agree to abide by the provisions of the MGDPA, Minnesota Statutes Chapter 13, and any and all other applicable state and federal laws governing the data shared pursuant to this Agreement and all data created, collected, received, stored, used, maintained, or disseminated by OHE under this Agreement. Each party is individually responsible for compliance with laws and regulations governing or affecting the collection, storage, use, sharing, disclosure and dissemination of private data.
12. Data Receiver agrees to use the data it receives only to the extent necessary to complete the work under the Purpose and Scope of this Agreement. Data Receiver will not use the identifying or confidential data for any other purpose.
13. Data Receiver and its contractors and agents will comply with the minimum necessary collection rule set forth in the MGDPA. The collection, creation, use, maintenance, and disclosure by Data Receiver of data on individuals will be limited to that necessary for the administration and management of programs specifically authorized by the legislature or mandated by the federal government. See Minn. Stat. § 13.05, subd. 3.
14. Data exchanged under this Agreement may not be duplicated, disseminated or used by Data Receiver for another purpose or program. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding individuals, are subject to the provisions of this Agreement in the same manner as the original data.
15. Data Receiver agrees that only those employees, contractors, and agents who need to have access to data provided under this Agreement because they are conducting work directly related to the Purpose and Scope of this Agreement. Data Receiver agrees to provide OHE with a list of staff members currently assigned to the FAFSA Completion Initiative upon request.
16. Data Receiver agrees that all employee, contractors, and agents who receive data provided pursuant to this Agreement will agree in writing to comply with all applicable data practices, data privacy laws and regulations and are familiar with such requirements through training on FERPA and MGDPA.
17. All employees, contractors, and agents of Data Receiver who have access to the data shared under this Agreement will comply with all applicable federal and state laws with respect to the data shared under this Agreement.
18. Data Receiver agrees that all individuals having access to data under this Agreement are subject to adequate supervision to ensure compliance with applicable federal and state data practices laws.
19. Data Receiver will use reasonable efforts to store and process all data collected, created, used, maintained, or disclosed in such a way that unauthorized persons cannot retrieve the information by means of a computer, remote terminal, or any other means. Data Receiver will use appropriate safeguards to prevent use or disclosure of identifying or confidential data on individuals by its employees, contractors, and agents, including but not limited to implementation of administrative, physical, and technical safeguards to reasonably and appropriately protect the privacy and integrity of individual-level data that it creates, receives, maintains or transmits under this Agreement.
20. Data Receiver will report any known data security or data privacy incidents to OHE as soon as they become known. For purposes of this Agreement, security incident means the unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in the FAFSA Completion Initiative. Privacy incident means violation of the MGDPA or any other applicable state or federal data practices laws, including, but not limited to, improper and/or unauthorized use or disclosure of protected information and breach of security of information as defined by Minnesota Statutes, Section 13.055. This report must be made in writing and submitted to the authorized representatives after the security or privacy incident is discovered by Data Receiver.
21. Data Receiver will destroy data received pursuant to this Agreement when it is no longer needed for evaluation of its education programs.
22. In general, proper destruction methods may include, but are not limited to:
- For personally identifiable information on paper records: shredding, burning, pulping, or pulverizing the records so that the personally identifiable information is rendered essentially unreadable, indecipherable, and otherwise cannot be reconstructed.
- For personally identifiable information on electronic media: cleaning (using software or hardware products to overwrite media with non-sensitive data), purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains), or destroying the media (disintegration, pulverization, melting, incinerating, or shredding).
- Other methods of disposal also may be appropriate, depending on the circumstances. Organizations are encouraged to consider the steps that other data professionals are taking to protect student privacy in connection with record disposal.
23. If OHE determines that Data Receiver has violated this Agreement, OHE reserves the right to request that Data Receiver destroys all data received under this Agreement.
24. Data Receiver will use a secure method of destruction that prevents inadvertent release of any data and protects the privacy and confidentiality of the data before, during, or after the destruction process. Page 5
25. After Data Receiver has destroyed any data, Data Receiver will send a letter to OHE’s Authorized Representative that confirms the method and date of the data destruction.
26. OHE retains the right to conduct audits or other monitoring of Data Receiver’s policies, procedures, and systems related to storage and analysis of data received under this Agreement. Data Receiver agrees to allow OHE reasonable access if OHE conducts any audit or monitoring.
27. Non-Financial Understanding. This Agreement is a non-financial understanding between OHE and Data Receiver. No financial obligation by or on-behalf of either of the parties is implied by the party’s signature at the end of this agreement.
28. Liability. No party will be liable for violations of any applicable laws, or the terms of this Agreement, indirectly or directly arising out of or resulting from, or in any manner attributable to the actions of the other party.
29. Transfer. No party may assign or transfer any rights or obligations under this Agreement without prior written consent of the other party.
30. Amendment. Any amendments to this Agreement shall be in writing and shall be executed as an amendment to the Agreement.
31. Cancellation. This Agreement may be canceled by any party at any time, with or without cause, upon thirty (30) days written notice to the other parties. Each party specifically reserves the right to immediately cancel this Agreement should a party, in its sole discretion, determine that identifying or confidential student information has been released in a manner inconsistent with this Agreement or has not been maintained in a secure manner.
32. Authorized Representatives.
OHE Authorized Representative:
Financial Aid Research Analyst
Office of Higher Education
1450 Energy Park Drive, Suite 350
St. Paul, Minnesota 55108
Data Receiver Authorized Representative:
Email Address: Page 6
33. Effective Dates. The terms of this Agreement shall take effect upon signature of both parties and will remain in effect until December 31, 2017.
The parties have caused this Agreement to be duly executed, intending to be bound by it.
Office of Higher Education:
Lawrence J. Pogemiller Date Commissioner
Minnesota Office of Higher Education
(Principal, Superintendent or Other Executive)
Return Signed Agreement to:
Manager, State Financial Aid Programs
MN Office of Higher Education
1450 Energy Park Drive, Suite 350
Saint Paul, MN 55108
Attn: Meghan Flores
Please keep a copy for your records.
INDIVIDUALS ACCESSING OHE FAFSA COMPLETION INITIATIVE WEB PORTAL
The school or organization signing the FAFSA Completion Initiative data sharing agreement should list all individuals within the school or organization who require a username and password to access the FAFSA Completion Initiative web portal.
If a school district opts to access the FAFSA Completion Initiative web portal to retrieve district-level data for dissemination to its high schools, it should only list the individuals at the district office who will be accessing the system.
Name of Individual(s) Accessing System