Data Privacy & Security
Education Law § 2-d protects student personally identifiable information (PII) from unauthorized disclosure. Additionally, this law provides parents with rights regarding their child's PII. The parent fact sheet explains these rights. Questions about school policies in connection with family rights and privacy laws can be addressed to the District Data Privacy Officer,
Gary Green | Data Protection Officer | Pawling Central School District
515 Route 22 | Pawling, New York 12564
greeng@pcsdny.org
Parents' Bill of Rights
The Pawling Central School District is committed to ensuring student privacy in accordance with local, state and federal regulations and district policies.
The legislature and governor passed a group of bills that adjusted the Regents Education Reform Agenda. These bills are known collectively as the “Common Core Implementation Reform Act.” One of the key components of this act (Chapter 56, Part AA, Subpart L, of the laws of 2014) directs the Commissioner of Education to appoint a Chief Privacy Officer (CPO). A major function of this new position is to work with school districts and parents to develop elements for a parents’ bill of rights to help ensure that student data is private and secure. The State Education Department (SED) and the CPO must also recommend regulations to establish standards for data security and privacy policies that will be implemented statewide.
SED has issued a Parents’ Bill of Rights for Data Privacy and Security. The Pawling Central School District is issuing this summary of parents’ rights under the new law. While some additional elements will be developed in conjunction with the CPO, districts, parents and the Board of Regents, this summary sets forth the key rights and information that parents should be aware of in regards to ensuring the privacy and security of their student’s educational data. Parents should be aware that:
A student’s personally identifiable information cannot be sold or released for any commercial purposes;
Parents have the right to inspect and review the complete contents of their child’s education record;
State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred;
A complete list of all student data elements collected by the State is available for public review or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, New York 12234
Please use the following form to file a complaint about a possible breach or improper disclosure of data using this online form. This form is designed for use by Pawling central school district parents, eligible students (at least 18 years of age or older), principals, teachers, and other employees.
Federal Laws that Protect Student Data
Family Educational Rights and Privacy Act (FERPA) – The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
Protection of Pupil Rights Amendment (PPRA) – PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.
Children's Online Privacy Protection Rule (COPPA) – COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
Questions about school policies in connection with family rights and privacy laws can be addressed to the District Data Privacy Officer,
Gary Green | Data Protection Officer
Pawling Central School District
515 Route 22 | Pawling, New York 12564
greeng@pcsdny.org | Pawlingschools.org
Unauthorized Disclosure Complaint Form
Please use the following form to file a complaint about a possible breach or improper disclosure of data using this online form. This form is designed for use by Pawling central school district parents, eligible students (at least 18 years of age or older), principals, teachers, and other employees.
Technology Related Policies
4526 Title: COMPUTER USE IN INSTRUCTION (or ACCEPTABLE USE POLICY)
4526-R(1) Title: COMPUTER USE IN INSTRUCTION (or ACCEPTABLE USE POLICY) - Regulation
8330 Title: Authorized use of school-owned materials and equipment
8630-R(1) Title: Computer Resources and Data Management - Regulation
8635-R(1) Title: Information Security Breach and Notification - Regulation
NYS Chief Privacy Officer
Chief Privacy Officer
New York State Education Department
89 Washington Avenue
Albany, New York 12234
or via email: CPO@mail.nysed.gov
For purposes of further ensuring confidentiality and security of student data, as an appendix to the Parents’ Bill of Rights each contract an educational agency enters into with a third party contractor shall include the following supplemental information:
The exclusive purposes for which the student data or teacher or principal data will be used;
How the third party contractor will ensure that the subcontractors, persons or entities that the third party contractor will share the student data or teacher or principal data with, if any, will abide by data protection and security requirements;
When the agreement expires and what happens to the student data or teacher or principal data upon expiration of the agreement;
If and how a parent, student, eligible student, teacher or principal may challenge the accuracy of the student data or teacher or principal data that is collected; and
Where the student data or teacher or principal data will be stored and the security protections taken to ensure such data will be protected, including whether such data will be encrypted.
the CPO must secure input from parents and other education and expert stakeholders to develop additional elements for the Parents’ Bill of Rights for Data Privacy and Security. The Commissioner of Education will also be promulgating regulations with a comment period for parents and other members of the public to submit comments and suggestions to the CPO.