Privacy and Ed Law 2-D
As a parent, you may be aware the New York State Education Department is making a stronger push to monitor the efficacy of school districts in meeting the mandates set forth by part 121 of Education Law 2-D. These actions are being taken by the state to ensure that student (and some teacher) data privacy is being regarded with the utmost security, both in-district and by any approved third parties.
District Data Protection Officer
Judy Hockley, [email protected]
Johnson City High School
666 Reynolds Road
Johnson City, NY 13790
Data Privacy & Security Board Policies
The Board of Education acknowledges the heightened concern regarding the rise in identity theft and the need for secure networks and prompt notification when security breaches occur. The Board adopts the National Institute for Standards and Technology Cybersecurity Framework Version 1.1 (NIST CSF) for data security and protection. The Superintendent/designee is responsible for ensuring the district’s systems follow NIST CSF and adopt technologies, safeguards and practices which align with it. This will include an assessment of the district’s current cybersecurity state, their target future cybersecurity state, opportunities for improvement, progress toward the target state, and communication about cyber security risk. To read the rest of these policies, use the two links below.
8635 Information and Data Privacy, Security, Breach and Notification
8635-R Information and Data Privacy, Security, Breach and Notification Regulations
Federal Laws that Protect Student Data
Protection of Pupil Rights Amendment (PPRA) – PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.
Family Educational Rights and Privacy Act (FERPA) – The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
Children's Online Privacy Protection Rule (COPPA) – COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
Opt-Outs & Complaints
Parents’ Bill of Rights for Data Privacy and Security
Johnson City Central School District is committed to protecting the privacy and security of student, teacher and principal data. In accordance with New York Education Law § 2-d, JCCSD wishes to inform the community of the following:
- A student’s personally identifiable information cannot be sold or released for any commercial purposes;
- In accordance with FERPA, Section 2-d, and Board Policy 5500 Student Records, parents have the right to inspect and review the complete contents of their child’s education record;
- State and federal laws protect the confidentiality of personally identifiable information and safeguards associated with industry standards and best practices, including, but not limited to, encryption, firewalls, and password protection must be in place when data is stored or transferred.
- New York State, through the New York State Education Department, collects a number of student data elements for authorized uses. A complete list of all student data elements collected by the State is available for public review at http://www.nysed.gov/common/nysed/files/programs/data-privacy-security/inventory-of-data-elements-collected-by-nysed_0.pdf. Parents may also obtain a copy of this list by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, N.Y. 12234.
- Parents have the right to submit complaints about possible breaches of student data or teacher or principal APPR data. Any such complaint must be submitted, in writing, to: Superintendent of Schools, 666 Reynolds Road, Johnson City, NY 13790. Additionally, parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed to: Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234; the e-mail address is [email protected]. SED’s complaint process is under development and will be established through regulations from the department’s chief privacy officer, who has yet to be appointed.
Supplemental Information: Third-party Contractors
In the course of complying with its obligations under the law and providing educational services, Johnson City Central School District has entered into agreements with certain third-party contractors. Pursuant to such agreements, third-party contractors may have access to “student data” and/or “teacher or principal data” as those terms are defined by law.
Each contract JCCSD enters into with a third-party contractor, where the third-party contractor receives student data or teacher or principal data, will include the following information:
• The exclusive purposes for which the student data or teacher or principal data will be used.
• How the third-party contractor will ensure that the subcontractors, persons or entities that the third-party contractor will share the student data or teacher or principal data with, if any, will abide by data protection and security requirements.
• When the agreement expires and what happens to the student data or teacher or principal data upon expiration of the agreement.
• If and how a parent, student, eligible student, teacher or principal may challenge the accuracy of the student data or teacher or principal data that is collected.
• Where the student, teacher or principal data will be stored (described in such a manner as to protect data security), and the security protections taken to ensure such data will be protected, including whether such data will be encrypted.
Supplemental Information: Software List
Education Law 2-d requires each NYS educational agency to post supplemental information for each contract where a third-party contractor receives student data and/or teacher or principal data from JCSD. A list of contracts to which this applies is available by clicking the title link.
Awareness Training
The Educator's Guide to Student Data Privacy
Ed Law 2d Overview
Johnson City Staff Vector Training Courses