Download as PDF
365.734 Prohibited uses of personally identifiable student information by cloud
computing service provider -- Administrative regulations.
(1)
(2)
(3)
(4)
As used in this section:
(a) "Cloud computing service" means a service that provides, and that is marketed
and designed to provide, an educational institution with account-based access
to online computing resources;
(b) "Cloud computing service provider" means any person other than an
educational institution that operates a cloud computing service;
(c) "Educational institution" means any public, private, or school administrative
unit serving students in kindergarten to grade twelve (12);
(d) "Person" means an individual, partnership, corporation, association, company,
or any other legal entity;
(e) "Process" means to use, access, collect, manipulate, scan, modify, analyze,
transform, disclose, store, transmit, aggregate, or dispose of student data; and
(f) "Student data" means any information or material, in any medium or format,
that concerns a student and is created or provided by the student in the course
of the student's use of cloud computing services, or by an agent or employee
of the educational institution in connection with the cloud computing services.
Student data includes the student's name, e-mail address, e-mail messages,
postal address, phone number, and any documents, photos, or unique
identifiers relating to the student.
A cloud computing service provider shall not process student data for any purpose
other than providing, improving, developing, or maintaining the integrity of its
cloud computing services, unless the provider receives express permission from the
student's parent. However, a cloud computing service provider may assist an
educational institution to conduct educational research as permitted by the Family
Educational Rights and Privacy Act of 1974, as amended, 20 U.S.C. sec. 1232g. A
cloud computing service provider shall not in any case process student data to
advertise or facilitate advertising or to create or correct an individual or household
profile for any advertisement purpose, and shall not sell, disclose, or otherwise
process student data for any commercial purpose.
A cloud computing service provider that enters into an agreement to provide cloud
computing services to an educational institution shall certify in writing to the
educational institution that it will comply with subsection (2) of this section.
The Kentucky Board of Education may promulgate administrative regulations in
accordance with KRS Chapter 13A as necessary to carry out the requirements of
this section.
Effective: July 15, 2014
History: Created 2014 Ky. Acts ch. 84, sec. 2, effective July 15, 2014.
Disclaimer: These codes may not be the most recent version. Kentucky may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.