By Tom Latek
Kentucky Today
The Kentucky Department of Education has reached a $350,000 settlement with ACT after it was found personal information about students who took the test was shared with postsecondary institutions, a violation of their contract with the KDE.
When students take the ACT, they have the option of sharing their information with postsecondary institutions through ACT’s Educational Opportunity Service, or EOS. This allows those institutions to identify students they may wish to send information to and possibly offer scholarships to upon application.
However, since the ACT is a required test for Kentucky students and all data generated from the test is owned by KDE, any information entered in this section should have been filtered out of the system and not been made available in EOS for sharing.
According to ACT, this happened due to a system updating error, resulting in student information erroneously being included in the EOS database for postsecondary access. As a result, some data gathered through the ACT were obtainable by postsecondary institutions with access to the EOS database between 2017 and 2020.
“After ACT discovered this issue, we acted immediately and coordinated with the Kentucky Department of Education,” said Catherine Hofmann, ACT vice president of state and federal programs. “ACT has removed impacted student records from the EOS database so that your data will not be shared going forward.”
They have also identified the root cause of the issue and has corrected it. After investigation, ACT is not aware of any breach or misuse of the data, said Hofmann.
“ACT values and respects the privacy of your information and apologize for this issue. We regret any inconvenience this may have caused,” she said.
Education Commissioner Jason E. Glass said he is disappointed this system error occurred but is thankful for the cooperation of ACT in working with the department to correct the issue and alert the affected students. Once ACT discovered the error, it notified every postsecondary institution that accessed the data to immediately destroy the information.
It is important to note that the data shared erroneously by ACT was marked by students as information to share with colleges, Glass stated.
“This was not a data breach or anything similar,” he explained. “No information was shared about our students that they didn’t agree to share themselves. However, the sharing of this data directly violated our contract with ACT, and we are happy to hear they have corrected the matter.”
The state is receiving the $350,000 settlement as a credit to their costs to the testing firm.
ACT will begin notifying students who were affected and their families immediately.
