Policy Information
Series Policies - Policy Manual

DATA SECURITY AND PRIVACY POLICY
Policy # 0002

In accordance with New York State Education Law §2-d, the District hereby implements the requirements of Commissioner’s regulations (8 NYCRR §121) and aligns its data security and privacy protocols with the National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (NIST Cybersecurity Framework or “NIST CSF”).

In this regard, every use and disclosure of personally identifiable information (PII) by the District will benefit students and the District (for example, improving academic achievement, empowering parents and students with information, and/or advancing efficient and effective school operations).  PII will not be included in public reports or other documents.

The District also complies with the provisions of the Family Educational Rights and Privacy Act of 1974 (FERPA).  Consistent with FERPA’s requirements, unless otherwise permitted by law or regulation, the District will not release PII contained in student education records unless it has received a written consent (signed and dated) from a parent or eligible student.

In addition to the requirements of FERPA, the Individuals with Disabilities Education Act (IDEA) provides additional privacy protections for students who are receiving special education and related services.  For example, pursuant to these rules, the District will inform parents of children with disabilities when information is no longer needed and, except for certain permanent record information, that such information will be destroyed at the request of the parents.  The District will comply with all such privacy provisions to protect the confidentiality of PII at collection, storage, disclosure, and destruction stages as set forth in federal regulations 34 CFR 300.610 through 300.627.

The Superintendent or his/her designee will establish and communicate procedures for parents, eligible students, and employees to file complaints about breaches or unauthorized releases of student, teacher or principal data (as set forth in 8 NYCRR §121.4).  The Superintendent is also authorized to promulgate any and all other regulations necessary and proper to implement this policy.

 

References:

Education Law §2-d

8 NYCRR §121

Family Educational Rights and Privacy Act of 1974, 20 USC §1232(g), 34 CFR 99

Individuals with Disabilities Education Act (IDEA), 20 USC §1400 et seq., 34 CFR 300.610–300.627


Adoption Date: 2/22/2023
Policies - Policy Manual