Data Privacy and Security
Data Privacy Officer
Student Data Protection
Parent's Bill of RightsA Parents’ Bill of Rights for Data Privacy and Security must be published on the website of each educational agency and must be included with every contract an educational agency enters into with a third-party contractor that receives personally identifiable information. The list below highlights required elements that must be included in the Parents’ Bill of Rights. To learn more about this requirement, agencies can review Part 121.3 of the Regulations and Section 3 of Education Law 2-d.
PeruCSD Parent's Bill of Rights
Data Privacy and Security Overview & PolicyPart 121 of the Commissioner’s Regulations requires agencies to adopt a policy on data security and privacy by October 1, 2020.1 Additionally, the law requires agencies to publish the policy on the district’s website. To learn more about this requirement, review Part 121.5 of the Regulations.
Personally Identifiable InformationEducation Law Section 2-d and Part 121 of the Commissioner’s Regulations outline requirements for educational agencies and their third-party contractors to strengthen data privacy and security in order to protect student and annual professional performance review personally identifiable information.
PROTECTED STUDENT DATA The term “student” refers to any person attending or seeking to enroll in an educational agency, and the term “personally identifiable information” (“PII”) uses the definition provided in FERPA. The term PII includes, but is not limited to:
Date of Birth
Video of Students
Student Email Address
Student ID Number
Social Security Number
Student Medical Information
Special Education Information
Other Indirect Identifiers
Information that alone or in combination would allow a reasonable person to identify the student.
Third-Party Contract Agreement and Approved Vendor ListA third-party contractor is any person or entity, other than an educational agency, that receives student data or teacher or principal data from an educational agency pursuant to a contract or other agreement for purposes of providing services to such agency, including but not limited to data management, conducting studies, or evaluation of publicly funded programs. To learn more about this requirement, agencies can review Part 121.2, 121.3, 121.6, 121.9, and 121.10 of the Regulations.
Example of PeruCSD Third Party ContractApproved Vendor and Software ListNERIC Approved Vendor and Software List
Unauthorized Disclosure Complaint Procedures
Parents, eligible students (students who are at least 18 years of age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data.