Embedded Files
Data Privacy Agreements (DPAs)
. Education Law Section 2-d and Part 121 of the Commissioner’s Regulations state that the Parents' Bill of Rights shall also include supplemental information for each contract the educational agency enters into with a third-party contractor that receives student data or teacher or principal data. In addition, each educational agency will need to publish on its website the supplement to the bill of rights for any contract or other written agreement with a third-party contractor that will receive personally identifiable information.
To learn more about third-party contracts/agreements, go to this page.
RIC One ROC Centralized DPA Structure
The RIC One ROC Centralized DPA Structure is a statewide initiative designed to streamline and standardize Data Privacy Agreements (DPAs) for New York educational agencies. DPAs are agreements between schools and vendors that outline how sensitive student and staff data will be protected in accordance with FERPA, Education Law 2-d, and other applicable privacy requirements. Through collaboration with NYSED, the 12 Regional Information Centers (RICs), the Access 4 Learning Student Data Privacy Consortium (A4L SDPC), and the TEC Student Data Privacy Alliance (TEC SDPA), the RIC One ROC helps districts reduce the time and complexity associated with vendor privacy negotiations by leveraging standardized National Data Privacy Agreements (NDPAs) that incorporate New York State-specific protections and requirements. This centralized structure supports consistency, efficiency, and stronger data privacy practices across the K–12 community. Learn more at RIC One ROC.
The Registry is a centralized repository within the RIC One ROC DPA structure that allows educational agencies to view, track, and leverage approved Data Privacy Agreements (DPAs) with vendors. Through the registry, districts can identify vendors with negotiated agreements in place, review agreement details, “piggyback” onto existing DPAs when applicable, and request DPAs to be negotiated on their behalf.
Website link to the login page: SDPC Resource Registry
If you do not have access to the registry, please reach out to our service contact!
RIC One Data Privacy Inventory Tool (DPIT)
The Data Privacy Inventory Tool (DPIT) simplifies the compilation of a district’s software inventory as required by Education Law 2-d Part 121 Regulations. The DPIT provides a means for sharing a District's Parents' Bill of Rights, Supplemental information, and compliance with components of the NIST Cybersecurity Framework - Identity Function.
Website link to the login page: https://riconedpss.org/
To login to the DPIT, go to the top right-hand corner of the website and click 'Login'. If you do not have a district administrator account and would like one, please reach out to our service contact!
Page updated
Report abuse