#Article

6 Essential Title IX Data Management Best Practices


Because they deal with gender-based and sexual harassment, discrimination, and violence, Title IX reports should be handled with extreme care. However, many Title IX professionals feel overworked and overwhelmed (62% according to one study). To improve your Title IX data management with less effort but better results, your team needs to follow these best practices.

 

Consistent Tracking

Does your team have standard data management and storage procedures? Ensure you have policies regarding:

  • what data to keep
  • how to store Title IX data
  • the cadence at which the data should be recorded

 

For best results, enter data daily. This ensures that you don’t leave out any key details and keeps data entry from becoming an overwhelming task to tackle later.

Next, you can improve your team’s reports by using consistent naming conventions for emails, documents, and other materials. Without this consistency in how data is recorded, the reports or information you gather from them might confuse other team members, compromising their usefulness to improving your institution’s response and resolution processes.

 

READ MORE: Title IX Investigations: Step-by-Step

 

Tighter Security

Title IX data is sensitive in nature, so you need to take extra precautions to protect it from cybercriminals. However, this can make collaboration on investigations difficult.

Try these tips for better data security:

  • Require institutional logins and passwords to access shared folders and drives.
  • Use a VPN on all institution-owned devices (including laptops, desktops, tablets, and cell phones).
  • Ask your IT department for the best ways to limit access to Title IX data.
  • Log and track access of Title IX case files so you can see who viewed or edited them and when.
WEBINAR

Want more Title IX data tips?

Watch the webinar "How to Gather, Store, Review, and Share Title IX Data Effectively," featuring Andrea Stagg, Director of Consulting Services at Grand River Solutions, Inc.

Watch the Webinar

Focus on Compliance

Federal, state, and foreign laws all impact data maintenance and security practices and policies. For example, the European Union’s General Data Protection Regulation (GDPR) has an impact in how institutions of higher education in the United States maintain, use, and/or store data about individuals based in or citizens of an EU member country. Make sure your campus policies address GDPR requirements, as well as other applicable laws.

Some U.S. states also have breach notification laws (check out the list here) relating to the personal information of state residents. These vary state-by-state and may require notification to a state agency and/or the people whose information was breached.

The most important privacy law for education institutions is FERPA, the Federal Education Rights and Privacy Act. FERPA protects student records from disclosure and affords access to the records for the record owners (typically the students). Generally, if the institution retains a record about a student, the student has the right to request access to (not a copy of) the record. In addition, the institution usually can’t release student records without consent.

One key exception to this rule is when records are provided to or shared among “school officials with a legitimate educational interest.” A school official has a legitimate educational interest if they need to review it to fulfill their job responsibilities. Institutions can designate categories of people who may be included in the term “school officials,” including school employees as well as relevant consultants, volunteers, or contractors. Not all school officials will necessarily have the same level of access to student records, so data is kept as private as possible.

Finally, FERPA does not have a records retention requirement, but best practice is to set (and document) a consistent schedule for records destruction. This keeps your databases clean while protecting students.

 

READ MORE: How to Boost Your School’s Title IX Compliance Using Case Management Software

 

More Comprehensive Training for Staff

Updating your policies can only take you so far. In addition, you need to regularly train all staff involved in Title IX investigations about your institution’s records creation and retention policies. Be sure to include all of the information listed above, such as what kinds of data to keep and how to do so. Consistent, comprehensive training gets everyone on the same page, boosting efficiency and reducing your risk of mishandled data.

FREE WHITE PAPER

Does you handle Title IX data properly?

Get more insights into best practices in our free white paper "Data Management in a Title IX Environment."

Get White Paper

When you hear “data breach,” you might think of a massive event where some bad actor gains access to a lot of information. However, a breach can be as simple as sending the wrong file to someone who isn’t cleared to access the enclosed information. In the era of quick communications, where email systems auto-populate names or email addresses after a user types one or two letters, it is easier than ever to accidentally share information with unintended parties.

Mishandling Title IX data puts your institution at risk of non-compliance penalties, lawsuits from students and staff, bad press, and a reputation as a careless organization. Implementing these six best practices will improve your processes, reducing risk and helping your team achieve maximum efficiency.

 

How Case IQ Can Help

Case IQ’s partner WhistleBlower Security offers a safe, easy-to-use helpline where victims can report incidents anytime, through their preferred communication method. With our case management system, all case data is stored in one central, secure location, streamlining your investigations. You can also reduce resolution times thanks to our automated case intake, assignment, and workflows. Click here to learn more about our Title IX investigation software.