ED LAW §2-D & DATA PRIVACY AND SECURITY
The law also requires that with each contract an educational agency enters with a third-party contractor, that receives personally identifiable information (PII), must contain a signed bill of rights and supplemental information. In turn, each educational agency will have to publish, on its website, the signed parent’s bill of rights and supplemental information to the bill of rights for each software contract.
DATA PROTECTION OFFICER (DPO)
Name: Barb Tasber
Mailing Address: 1191 NY Route 79 Windsor, NY
The Windsor CSD DATA SECURITY AND PRIVACY
RIC One District Data Privacy Inventory Tool (DPIT)
RIC One is comprised of 12 Regional Information Centers in New York State. These RICs work together with the State Education department to develop and provide services to school districts. The RIC One Data Privacy and Security (DPS) initiative supports district compliance with New York State's Common Core Reform Act, Education Law 2-d and Part 121 Regulations. One of the items created to help assist districts was the Data Privacy Inventory Tool or DPIT.
The Data Privacy Inventory Tool compiles a list of district software as required by Education Law §2-d Part 121 Regulations. It provides a means for sharing our parents' bill of rights, supplemental information and compliance with components of the NIST Cybersecurity Framework.
Key Categories of the Data Privacy Inventory Tool
Contract Source: How the software product is procured; either BOCES, District, or District - Free
Supporting Documentation: Document links or attachments to signed parent's bill or rights and supplemental information
Note: Information posted in the data privacy inventory tool is continually updated.
Federal Laws that Protect Student Data
Family Educational Rights and Privacy Act (FERPA)
(link is external
) – The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
Protection of Pupil Rights Amendment (PPRA)(link is external)
– PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.
Children's Online Privacy Protection Rule (COPPA)(link is external)
– COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.