Education Data Security in Kentucky

The proliferation of computer-based databases operated by Kentucky’s public school system has been very extensive, and these databases contain a large amount of sensitive information on students, parents and school employees. Examples of that sensitive information include: social security numbers, test scores, eligibility for free and reduced cost lunch, salaries, teacher evaluation materials, health conditions and the use of special education services, just to name a few items.

Clearly, it is very important to insure the security of all of this data.

To develop a better idea of the status of data security in Kentucky’s education databases, the Kentucky Legislature’s Education Assessment and Accountability Review Subcommittee (EAARS) directed the Kentucky Office of Education Accountability (OEA) to investigate the issues and provide a report as part of that agency’s 2012 research agenda.

Fortunately, the OEA’s report indicates that there has not been a large, system-wide security breech in the state’s education data systems. However, there have been incidents and the OEA found potential for other problems.

It usually takes the Kentucky Legislative Research Commission some time to formally publish OEA reports. Thus, because of the importance of this issue and the pending need for legislation discussed in this report, with the assistance of Kentucky State Senator Jack Westwood, co-chair of the EAARS committee and the OEA, we are making the approval draft available now. Find the approved draft of “Governance of Education Data Security in Kentucky” and the OEA’s recommendations for new legislation here.

The final report may have some minor technical changes and additions, but it should look very similar to the draft version, making the draft well worth a read to anyone interested in computer security.