By using this site you agree to the following terms and conditions.
The attached document outlines the user’s responsibility for handling confidential student information that is uploaded to or downloaded from the Department of Education and Early Learning’s (DEEL) Children Information and Provider System portal (hereby referred to as “CHIPS”). DEEL maintains the confidentiality and security of records in compliance with the Family Educational Rights and Privacy Act of 1974 (FERPA) which pertains to the security and privacy of personally identifiable data (i.e. “confidential data”). Any unauthorized or illegitimate use of systems, databases or data may result in disciplinary action up to and including contract termination, criminal prosecution, and/or civil action.
As a CHIPS user, I commit to the following to protect the confidentiality of student information:
- I will read and abide by the data sharing requirements set forth between DEEL and my agency.
- I will comply with the re-disclosure limitations set forth in FERPA, including 34 C.F.R. § Part 99.33.
- I will not publish, present, or disclose analyses or reports for public consumption containing confidential data to external parties that include a cell size of less than ten (10).
- I will maintain information in such a manner as to prevent access, viewing, copying, or printing by unauthorized individuals, in either hard copy or electronic format.
- I will only view, obtain, disclose, or use the CHIPS information that is necessary to perform my assigned duties.
- I will not share or make known to others my CHIPS and other personal or system passwords.
- I will enter my password each time I access CHIPS; I will not use the browser store password functionality.
- I will log out of my CHIPS account when not in use.
- I will not leave unattended any computer that has CHIPS “open and running”.
- I will only access CHIPS on a computer that requires users to be uniquely identified and authenticated; operates with a firewall and current anti-virus software; and is connected through a private, password-protected wireless network (users many not connect via a public Wi-Fi unless done so through a VPN).
- I will only access CHIPS in a secure location in which private data may not be visible to unauthorized users.
- I will not email or otherwise exchange confidential data downloaded from the CHIPS site through non-secure means (e.g., unprotected jump drives, non-encrypted data through electronic or physical mail, etc.).
- I will store electronic versions of confidential data downloaded from or uploaded to CHIPS in a secure, limited-access electronic file location.
- I will encrypt all confidential data carried on mobile computers/devices.
- I will store hard copies of confidential information in a secure location (e.g. locked file cabinet).
- I will securely and permanently destroy all confidential data in accordance with the proper governing data sharing and retention policies communicated to me by my DEEL Program Contact.
- I will notify my DEEL Program Contact within one hour if I become aware of or suspect a data security breach. As part of this notification, I will report: (1) the name, job title, and contact information of the person reporting the incident; (2) the name, job title, and contact information of the person who discovered the incident; (3) date and time the incident was discovered; (4) nature of the incident (e.g., system level electronic breach, an electronic breach of one computer or device, or a breach of hard copies of records; (5) a description of the information lost or compromised; (6) name of electronic system and possible interconnectivity with other systems; (7) storage medium from which information was lost or compromised; (8) controls in place to prevent unauthorized use of the lost or compromised information; (9) number of individuals potentially affected; and (1) whether law enforcement was contacted.
- I will notify my DEEL Program Contact to terminate my account if I no longer have a legitimate business need to access the CHIPS site.
- I understand that DEEL reserves the right to deactivate my CHIPS access at any point.
  FERPA specifically defines the term “personally identifiable information” as including, but not limited to, “[t]he student’s name; the name of the student’s parent or other family members; the address of the student or student’s family; a personal identifier, such as the student’s Social Security Number, student number, or biometric record; other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name; other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; and information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.“ (34 CFR § 99.3)
 Excludes analyses provided to Seattle Public Schools using district-provided data.