PARENTS’ BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY

In accord with Education Law §2-d and the Family Educational Rights and Privacy Act (“FERPA”), the District hereby establishes and adopts the following Parents’ Bill of Rights for Data Privacy and Security:

1. A student’s personally identifiable information (PII) cannot be sold or released by the District for any commercial or marketing purposes.

2. Parents have the right to inspect and review the complete contents of their child's education record including any student data stored or maintained by the District. This right of inspection is consistent with the requirements of the Family Educational Rights and Privacy Act (FERPA) and Board Policy. In addition to the right of inspection of the student’s educational record, Education Law §2-d provides a specific right for parents to inspect or receive copies of any data in the student’s educational record.

3. The rights of parents and students under FERPA can be accessed at http://www2.ed.gov/policy/gen/guid/fpco/ferpa/lea-officials.html. In addition to review, these rights include how to challenge the accuracy of the content of a student’s educational record.

4. State and federal laws protect the confidentiality of PII, safeguards associated with industry standards and best practices, including, but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred. The District is committed to implementing the aforementioned safeguards and adopting industry standards and best practices to insure the safety of the data it collects.

5. A complete list of all student data elements collected by the State is available for public review at http://www.p12.nysed.gov/irs/sirs/documentation/NYSEDstudentDATA.xlsz, or parents may obtain a copy of this list by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, NY 12234.

6. Parents have the right to file complaints with the District or with NYSED about possible privacy breaches of student data by the District’s third-party contractors or their employees, officers, or assignees. Complaints regarding student data breaches filed with the District should be directed to the, Data Protection Officer, Carthage Central School District, 36500 NYS Route 26 Carthage, New York 13619, dpo@carthagecsd.org 315-493-2529. Complaints to NYSED should be directed in writing to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany NY 12234, or via email to CPO@mail.nysed.gov.

Please note that the complaint process is currently under development and has not yet been finalized, and that the State Education Department’s Chief Privacy Officer has not yet been appointed.

7. For purposes of further ensuring confidentiality and security of student data, as well as the security of personally-identifiable teacher or principal data, this Parents’ Bill of Rights and the following supplemental information shall be included in each contract that the District enters into with a third-party contractor with access to this information:

a) The exclusive purposes for which the student, teacher or principal data, will be used;

b) how the third party contractor will ensure that the subcontractors, persons or entities that the third party contractor will share the student data or teacher or principal data with, if any, will abide by data protection and security requirements;

c) when the agreement with the third party contractor expires and what happens to the student data or teacher or principal data upon expiration of the agreement;

d) if and how a parent, student, eligible student, teacher or principal may challenge the accuracy of the student, teacher or principal data that is collected; and

e) where the student, teacher or principal data will be stored (described in such a manner as to protect data security), and the security protections taken to ensure such data will be protected, including whether such data will be encrypted.

8. A parent, student, eligible student, teacher or principal may challenge the accuracy of the student’s data or principal or teacher data collected by the District by filing a written request with the Assistant Superintendent at the address noted above.

9. All agreements with third party contractors who have been or are to be provided with confidential data subject to this Bill of Rights will insure that the subcontractors, persons or entities that the third party contractor will share the aforementioned data with, if any, will abide by data protection and security requirements. The District has entered into contracts with certain third party contractors who have been provided data regarding students, teachers, and/or principals. The information mandated by law about such contractors appears in on our website.

10. This Bill of Rights is subject to change based on Regulations to be promulgated by the Commissioner of Education and/or the State Education Department’s Chief Privacy Officer.

If you would like more information, please contact: the Data Protection Officer, Carthage

Central School District, 36500 NYS Route 26 Carthage, New York 13619,

dpo@carthagecsd.org 315-493-2529.

Ref: Education Law §2-d

20 U.S.C. §1232 g

Report an Improper Breach and/or Unauthorized Disclosure Complaints

Complaints regarding student data breaches filed with the District should be submitted in person, by completing this form to the Carthage Central School District Privacy Officer, Robert Dening.

A complaint can also be submitted to the New York State Chief Privacy Officer using this online form.

Student Privacy FERPA Notice

Carthage Central School District is required to annually notify parents of their rights under FERPA; that information can be found in our BoardDocs policy tab. Under FERPA, the District may identify certain data elements as Directory Information, which may be disclosed without obtaining prior parental consent. The data identified as Directory Information by our District is:

student’s name
address
telephone number
email address
date and place of birth
name of the student’s parents
major field of study
participation in officially recognized sports and activities
weight and height of members of athletic teams
dates of attendance
degrees
awards received
most recent previous educational agency attended by the student
photographs
video images of students engaged in routine activities

Student Directory Information

The District shall publish an annual public notice informing parents or eligible students (i.e., a student eighteen (18) years of age or older or who is attending an institution of post-secondary education) of the District's definition of directory information, the parent/eligible student's right to refuse the release of student directory information and indication of the time period for their response. (Directory information is information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed.) Following such public notice and a reasonable response period, the District may release such information to an outside group without individual consent.

The Family Educational Rights and Privacy Act (FERPA) defines student directory information as any of the items as indicated in the following list. The Carthage Central School District will release the following defined directory information as checked below:

name
address
telephone listing
date and place of birth
major field of study
grade level
participation in sports and activities
weight and height (for members of athletic teams)
dates of attendance
honors, degrees and awards
email address
photograph
name of educational institution previously attended

Directory information does not include:

a) A student's social security number; or

b) A student's identification (ID) number, except as provided below.

Directory information includes a student ID number, user ID, or other unique personal identifier used by the student for purposes of accessing or communicating in electronic systems, or that is displayed on a student ID card or badge, but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a personal identification number (PIN), password, or other factor known or possessed only by the authorized user. Parents and eligible students may not, by opting out of disclosure of directory information, prevent a school from requiring a student to wear or present a student identification card or a badge that displays information that may be directory information.

Limited Directory Information Disclosure

Limited Directory Information Disclosure means that that the District may limit disclosure of its designated directory information to specific parties, for specific purposes, or both. Allowing limited directory information disclosure may permit the District to use student directory information for such limited purposes as school yearbooks, honor roll lists, graduation programs, playbills and other similar uses, without obtaining individual consent. Limiting the disclosure of such information may be beneficial when the District perceives such disclosure as putting students at risk of becoming targets of marketing campaigns, news media or possible victims of criminal acts. The District shall limit its disclosure of its designated directory information as specified in its public notice to parents and eligible students.

Military Recruiter Access

The release of student directory information is not to be confused with the release of names, addresses and telephone listings of eligible students (i.e., a student seventeen (17) years of age or older or in the eleventh grade (or its equivalent) or higher) to Military Recruiters. In compliance with the Elementary and Secondary Education Act (ESEA) of 1965, as amended by the No Child Left Behind Act of 2001 (NCLB), and the National Defense Authorization Act, the School District shall notify parents that by law it routinely releases this information to Military Recruiters upon request subject to a parents'/eligible students' request not to disclose such information with written parental verification of such request.

Page updated

Report abuse