“Personal information can only be viewed using a unique user ID and password,” said Trigg County Assistant Superintendent of Personnel and Operations Travis Hamby. “Assigned rights (to view the information) are based on job classification.”
Hamby said that student information was on a secure database, which is housed at the Kentucky Department of Education. He said that parents are asked to provide their children’s Social Security numbers to the district, but that they not required to do so. He said, though, that a high school student is not eligible for KEES (Kentucky Education Excellence Scholarship) money if the state does not have his or her number because the state uses them for reporting purposes. Hamby said that Social Security numbers are not used to identify students, and that they instead are assigned a “unique state identifier” number.
Hamby also said that district employees are frequently cautioned to not leave personal information out where it can be found or on their computer hard drives.
The possibility of student identity theft is an issue that has been in the news recently because of security breaches involving several public educational institutions, including Murray State University and Williamson County Public Schools in Franklin, Tenn.
The security breach involving the Williamson County school district is one of the most recent. The Tennessean reported on July 11 that private information about public school students had been posted on a personal website nearly a year ago and that a Williamson County high school student discovered information about himself while searching for his name on ssnbreach.org, a site maintained by the Liberty Coalition, which is a nonprofit group that promotes privacy rights and civil liberties. The district’s assessment specialist had apparently placed the files online in an attempt to transfer the data from one computer to another while working on a graduate studies project.
Aaron Titus, the Privacy Director for the Liberty Coalition, told The Cadiz Record said that universities and public schools generally do a good job safeguarding personal information for current students, but can sometimes do a poor job of keeping older information secure. He said that faculty members with access could sometimes make “shadow systems,” or duplicate copies of the information, for their own use, which can then be vulnerable to being found by people without authorization.
For the rest of this story, read this week's Cadiz Record.