In a lengthy article, Education Week shares growing concerns that student data security and sharing is highly problematic. The newspaper asked two data security experts to look at policies for three leading student data suppliers, and the findings were certainly disturbing. Some issues include:

• Use of tracking and surveillance technologies that allow third parties to gather information on students;

• Questions about the collection, use, and sharing of massive amounts of student "metadata"; and

• Criticism of the growing burden on students and families, who experts maintain are being forced to navigate an ever-shifting maze of dense vendor policies on their own.

One of the researchers says one data firm’s policies allow:

• “‘almost limitless’ sharing of student information with third parties.”

Another firm was criticized for:

• “Use of ‘cookies,’ relationships with third-party partners, and handling of the metadata.”

Sadly, Kentucky may be well behind on legal requirements for the generation and handling of sensitive student data.

A bill was introduced in the state senate (SB-224) that would address some of those education data problems, but it only got a hearing without any vote.

Another data bill, House Bill 5 was enacted, but it primarily deals with inadvertent or criminally related data security breaches and is in general for everyone, adults and children. I am not sure if this bill adequately addresses specific, student related issues for education data situations such as those identified by EdWeek.