Data Security and Privacy
In accordance with New York State Education Law § 2-d, the District hereby implements the requirements of Commissioner’s regulations (8 NYCRR part 121) and aligns its data security and privacy protocols with the National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (NIST Cybersecurity Framework or “NIST CSF”).
In this regard, every use and disclosure of personally identifiable information (PII) by the District will benefit students and the District (for example, improving academic achievement, empowering parents and students with information, and/or advancing efficient and effective school operations). PII will not be included in public reports or other documents.
The District also complies with the provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA). Consistent with FERPA’s requirements, unless otherwise permitted by law or regulation, the District will not release PII contained in student education records unless it has received a written consent (signed and dated) from a parent or eligible student. For more details, see Board of Education Policy No. 5500 and any applicable administrative regulations.
In addition to the requirements of FERPA, the Individuals with Disabilities Education Act (IDEA) provides additional privacy protections for students who are receiving special education and related services. For example, pursuant to these rules, the District will inform parents of children with disabilities when information is no longer needed and, except for certain permanent record information, that such information will be destroyed at the request of the parents. The District will comply with all such privacy provisions to protect the confidentiality of PII at collection, storage, disclosure, and destruction stages as set forth in federal regulations 34 CFR 300.610 through 300.627.
The Superintendent or his/her designee will establish and communicate procedures for parents, eligible students, and employees to file complaints about breaches or unauthorized releases of student, teacher or principal data (as set forth in 8 NYCRR 121.4). The Superintendent is also authorized to promulgate any and all other regulations necessary and proper to implement this policy.
Education Law § 2-d
8 NYCRR Part 121
Family Educational Rights and Privacy Act of 1974, 20 USC § 1232(g)), 34 Code of Federal Regulations (CFR) Part 99
Individuals with Disabilities Education Act (IDEA), 20 USC § 1400 et seq., 34 CFR 300.610–300.627
First Vote: 11/18/20
Second Vote: 12/2/20