The Board of Regents adopted Part 121 of the Regulations of the Commissioner of Education on January 13, 2020. These rules will implement Education Law Section 2-d and provide guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and annual professional performance review data. The regulation went through multiple sets of revisions and three rounds of public comments and will go into effect January 29, 2020. It will apply to both charter and traditional public schools. We thank the members of the Data Privacy Advisory Council, implementation planning and drafting workgroups that supported the Department’s Chief Privacy Officer, Temitope Akinyemi, through this process.
Privacy and Security for Student Data and Teacher and Principal Data 5676- The NYSSB/NYSSD are committed to maintaining the privacy and security of student data and teacher and administrator data and will follow all applicable laws and regulations for the handling and storage of this data in the NYSSB/NYSSD and when disclosing or releasing it to others, including, but not limited to, third-party contractors. The NYSSB/NYSSD adopts this policy to implement the requirements of Education Law Section 2-d and its implementing regulations, as well as to align the NYSSB/NYSSD's data privacy and security practices with the National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1). With regard to personnel and business practices, this procedure is intended to supplement current policy/procedures regarding PII.
Supplemental Information
We are compiling the following information about each agreement between DISTRICT and an outside party that receives protected student data, or protected principal or teacher data, from the district: (1) the exclusive purposes for which the data will be used, (2) how the contractor will ensure that any subcontractors it uses will abide by data protection and security requirements, (3) when the contract expires and what happens to the data at that time, (4) if and how an affected party can challenge the accuracy of the data, (5) where the data will be stored, and (6) the security protections taken to ensure the data will be protected, including whether the data will be encrypted. The links below will take you to that information for the listed agreements. We will be updating this list as we gather additional information.
FERPA/Directory Information/Protection of Pupil Rights
Employee Training and Resources
Phil Bens
Cassadaga Valley Data Protection Officer
716-962-5155
Privacy@cvcougars.org