Policies and Procedures
Parents' Bill of Rights
A Parents’ Bill of Rights for Data Privacy and Security must be published on the website of each educational agency and must be included with every contract an educational agency enters into with a third-party contractor that receives personally identifiable information. Please look below to find resources that can assist you with understanding a Bill of Rights.
Parents' Bill of Rights & Supplemental Information - Data Protection and Planning RIC one Resource
Model Parents' Bill of Rights - NYSED Resource
Data Security and Privacy Policy
Part 121 of the Commissioner’s Regulations requires agencies to adopt a policy on data security and privacy by October 1, 2020. Additionally, the law requires agencies to publish the policy on the district’s website. To learn more about this requirement, please look take a look at the resources below.
Data Security and Privacy Policy - Data Protection and Planning RIC one Resource
Draft Data Security and Privacy - NYSED Resource
Unauthorized Disclosure Complaint Procedure
Educational agencies must establish and communicate to parents, eligible students, principals, teachers, and other staff of educational agency procedures to file complaints about breaches or unauthorized releases of student data and/or protected teacher or principal data. To learn more about this requirement, please look take a look at the resources below.
Unauthorized Disclosure Complaint Procedure - Data Privacy and Security Planning RIC one Resource
Incident Response and Notification
Educational agencies will need to report every discovery or report of a breach or unauthorized release of a student, teacher, or principal data to the Chief Privacy Officer and notify impacted stakeholders. To learn more about this requirement, please look take a look at the resources below.
Incident Reporting & Notification - Data Protection and Planning RIC one Resource
Helpful links: