Section 3: EQAO Reporting Login Application for Private and First Nations Schools System—Access and Reporting
Appendix 3: EQAO Reporting Login Application for Private and First Nations Schools System—Characteristics and Management
Section 3: EQAO Reporting Login Application for Private and First Nations Schools System—Access and Reporting
Considerations
- Access to accounts is based on the role of the user.
- Private schools,
- may be subject to privacy legislation such as the Personal Information Protection and Electronic Documents Act (PIPEDA) , which is the federal privacy law for private-sector organizations. Private schools must also ensure fulfillment of any privacy-related obligations and directions set out in their agreement with EQAO, as well as in EQAO’s Notice of Collection, available on the agency’s website.
- located in jurisdictions outside Canada, especially those in the European territory, must ensure they follow privacy legislation in those jurisdictions.
Characteristics—General rules relating to the characteristics and management of accounts are outlined in Appendix 3 under the headings Description, Personal Information Contained, Authorized Users, Access Request, Expiration, Revocation and Scheduled Audit.
The following section provides details about the EQAO Reporting Login Application for Private and First Nations Schools System.
Roles and Responsibilities
- Access to data and reports is based on the role of the user (see Appendix 3 for details on accounts management).
- The use of personal devices—including (but not limited to) personal computers, cellphones and tablets—is strictly forbidden for accessing EQAO reports and data files. Only the school’s equipment shall be used for downloading reports and data files.
- Users from private schools are to confirm that they are the authorized users as registered in the agreement with EQAO.
- Users from First Nations schools are to confirm their identity when required by EQAO.
- Private schools and First Nations schools
- shall ensure the protection of privacy and the security of information (including personal information) that EQAO shares with them; and
- shall inform EQAO as soon as the principal who has access to the data or reports is no longer working for the school
- NOTE: The school must have the name of the current principal in the e-assessment system in order to administer EQAO assessments.
- Private schools shall be mindful that as per the agreement with EQAO, the agency, or a third party chosen by the agency, can conduct audits on the school to verify any aspect of the assessment process, during all preparatory and/or administrative activities related to the assessments.
- Principals from private schools and First Nations schools
- shall ensure they read and understand this section (Section 3) of EQAO’s Accounts Management Policy; and
- shall ensure that reports and data files shared by EQAO are used only for the purposes for which they have been shared and according to the objects of the Education Quality and Accountability Office Act (EQAO Act) and the Education Act as described in EQAO’s Notice of Collection.
Privileges—EQAO Data Reporting Tool:
Access to reports will be based on the role of the user according to the following rules:
- Provincial-level reports: Principals have access to aggregate suppressed data (aggregate data suppressing counts below 10) reports.
- School-level reports: The school’s principal account has access to unsuppressed data reports for the school.
Privileges—Data File Sharing:
Access to files will also be based on the role of the user according to the following rules:
- Provincial-level data: Access to aggregate suppressed data files is granted to principals.
- School-level data: Schools have access to their school-level data files only.
Re-identification:
- Authorized users who have access to aggregated and depersonalized information shall not attempt to re-identify any individual from the information.
Audits:
- All accounts are audited automatically every six months.
- EQAO may audit schools’ accounts at least once every year.
Security:
- PINs or passwords will be used to access reports and data files.
- Schools must ensure they comply with their privacy obligations (e.g., under PIPEDA in the case of private schools) as well as any indication outlined in EQAO’s Notice of Collection or in their agreement with EQAO.
Privacy, Incidents and Breach Management
Private and First Nations schools will respond to a privacy breach as follows:
- Note: A privacy breach occurs when personal information is deliberately or inadvertently collected, retained, used or disclosed in ways that are not in accordance with the Freedom of Information and Protection of Privacy Act (FIPPA). The following are examples of unauthorized collection, use or disclosure:
- information collected in error;
- information used for a purpose not consistent with the original purpose for collection;
- lost or misplaced personal information;
- stolen personal information (on laptops, data drives or disks);
- accidental disclosure of personal information to an unauthorized person or group; or
- deliberate disclosure of personal information to an unauthorized person or group (for fraudulent or other purposes).
- The private or First Nations school shall follow EQAO’s Privacy Breach Policy and Procedure, as directed by EQAO, ensuring at minimum that
- The breach is contained and assessed as soon as it is identified.
- The breach is reported to EQAO’s Director of Corporate and Public Affairs, EQAO, 2 Carlton Street, Suite 1200, Toronto, ON M5B 2M9; Tel.: 1-888-327-7377. Information to be included is as follows:
- the date of the incident;
- the location of the incident;
- the date the incident was discovered;
- how the incident was discovered;
- the details of the incident (what information was disclosed, how the breach occurred, etc.); and
- the actions or steps that the school has taken in response to the breach (e.g., how the school contained the breach; the persons notified).
- The school will co-operate fully with EQAO and will follow any direction from EQAO leading to the fulfillment of EQAO’s policies and procedures as well as legislation related to privacy breaches.
- Private schools must follow the General Data Protection Regulation (in the case of breaches involving individuals in the European territory as defined in the regulation), or any other privacy legislation in any jurisdiction as applicable.
- The school will implement any changes specified by EQAO to ensure similar breaches do not occur.
Appendix 3: EQAO Reporting Login Application for Private and First Nations Schools System—Characteristics and Management
Principal
Description
- Has access to EQAO reporting.
- Has access to data files.
Personal Information Contained
- Yes, has access to data files.
Authorized Users
- Principal only.
Access Request
- To request access, principals make a request to EQAO’s Information Centre. EQAO will verify their credentials prior to granting access.
Expiration
- According to the signed agreement with EQAO, if the school closes, the school must inform EQAO, and the account will be closed.
- If, after an audit, EQAO discovers misuse of the account, the account may be closed.
- If the account is not accessed for 365 days, it will be locked.
Revocation
- EQAO will revoke only if asked by the school, or if EQAO finds that the account has been used in a manner that is not in accordance with this policy or that violates FIPPA or PIPEDA.
Scheduled Audit
- An automatic audit happens every six months.
- EQAO may audit the school’s account once every year.