Cloud Computing and Education in the State of Kentucky

Cloud Computing and Education in the State of Kentucky

Kentucky HB 232 is a student data privacy law that was enacted in 2014. As online access and communication continue to play an essential role in the manner in which many K-12 students around the country pursue their respective educational careers, HB 232 was passed for the purpose of regulating the personal information and data that students share with cloud computing service providers when attending school. With this being said, the law both provides a clear and concise definition of the terms cloud computing and cloud computing service providers, and also outlines the responsibilities that these service providers have as it concerns protecting the confidentiality of student data.

How is a cloud computing service defined under the law?

Under Kentucky HB 232, a cloud computing service is defined as “a service that provides, and that is marketed and designed to provide, an educational institution with account-based access to online computing resources.” Alternatively, the law defines a cloud computing service provider as “any person other than an educational institution that operates a cloud computing service.” To this point, the law defines an educational institution to mean “any public, private, or school administrative unit serving students in kindergarten to grade twelve”, while a person is defined as “an individual, partnership, corporation, association, company, or any other legal entity.”

What are the duties of cloud computing service providers?

The student data protection and privacy responsibilities that cloud computing services providers and other associated entities have under the provisions of Kentucky HB 232 include:

What data elements are protected under the law?

The data elements concerning K-12 students within the state of Kentucky that are legally protected from unauthorized access, use, and disclosure under HB 232 include but are not limited to:

Student data privacy and redaction

When looking to comply with legislation such as Kentucky HB 232, automatic redaction software can be used to safeguard the integrity and confidentiality of student records and information. These redaction software programs allow educational institutions to render student data inaccessible, ensuring that it won’t be able to fall into the hands of cybercriminals and other bad actors. What’s more, as these software programs contain automatic functionality, educators can also save valuable time and resources when protecting student data and privacy, instead of allocating these resources to other areas of education such as the pursuit of post-secondary educational opportunities.

Just as the advent of cloud computing has altered the manner in which professionals handle their responsibilities and tasks in the business world, the technology has also changed the way in which students pursue their education. To this end, Kentucky HB 232 gives parents within the state the peace of mind that the personal privacy of their school-aged children cannot be infringed upon without consequence. As students do not have the means to protect themselves from the adverse effects of being involved in a cyberattack, legislation such as HB 232 is very much needed to prevent such occurrences whenever possible.

Related Reads