Data Privacy and Security

Published: 8/22/2019 3:57 PM
​In this age of data-driven decision making, data is foundational to the success of the process.  Whether discussing student achievement, program monitoring, education funding, accountability or any other education-related conversation, data is at the center of the discussion.
The Kentucky Department of Education (KDE) is required by state and federal law to collect and store student and educator records. Information on Kentucky data collection systems.
The Department takes seriously its obligation to protect the privacy of data collected, used, shared and stored.

​KDE Policy and Documents

Review and Approval Procedures:  Agreements involving Personally Identifiable Information (PII) 
The Department has developed a review and approval process for all data requests that involve disclosure of PII.  Details on the data request process.

District Guidance on Student Information Security and Privacy (November 2014)
Topics covered include:  Links to general resources, training, uses of data, breaches in security; data sharing agreements; disclosure of student data for studies on behalf of the district and for audits, evaluation, or compliance monitoring and parent notification about and access to student records.

Data Collection Opt Out Requests (Coming soon!)
To support Kentucky school districts on data collection issues, KDE prepared this guidance for local education agencies when responding to requests that no personally identifiable information (PII) about student(s) is included in Kentucky’s data collection system(s).

State-Level Data Collection

Kentucky’s data systems collect a variety of information at the student, school and district levels that is used to support instruction, continuous improvement, district operations and for state and federal reporting. The Systems Launchpad provides information on the Kentucky Department of Education’s various data systems.

Parent/Legal Guardian Requests for Student-Level Information

Document explaining the process by which student information collected by KDE may be obtained by a parent/legal guardian.


Confidentiality Agreements and Training

Research and Evaluation Training for KDE Staff

KDE requires all employees that are involved in evaluation and/or research activities to complete the National Forum on Education Statistics, Guide to Data Ethics Online Course.  External researchers must enter into an agreement with KDE and must also sign non-disclosure forms prior to obtaining and/or using any staff or student level data from KDE. 

KDE Employee Affidavit of Non-Disclosure

KDE system users must sign an Affidavit of Non-Disclosure upon employment and annually to maintain access to data systems.  This document outlines the manner in which KDE staff is to utilize data and protect personally identifiable information.  A signed agreement form is required from all KDE staff to verify agreements to adhere to/abide by these practices.  The failure to adhere to guidelines may result in personnel action, up to and including termination.

In addition to the non-disclosure, KDE employees and district staff must be approved for access to data systems.  System access must be approved by supervisor or KDE leadership depending on the level of access being requested.


Staff Contacts:

Robert Hackworth, Chief Security Officer - email
Dede Conner, Chief Data Officer - email 
David Couch, Chief Information Officer - email 


Robert Hackworth
Office of Knowledge, Information and Data Services
Division of Engineering and Management Services
300 Sower Blvd., 4th Floor
Frankfort, KY 40601
502-564-2020 ext. 2436
Fax: 502-564-1519

Kentucky Department of Education

Other Organizations Involved with Student Data Privacy and Security:

  • Normal Font Size