Data Privacy and Security

Data Privacy Officer

Mr. Scott Storms, Superintendent of Schools

Mr. Nicholas Damiani, Director of Technology

Email: ndamiani@perucsd.org Phone: 518-643-6025

Student Data Protection

Managing student data safely is of utmost importance in the Peru Central School District. Student data encompasses a wide range of sensitive information, including personal details, academic records, and health records. Safeguarding this data ensures the privacy and confidentiality of students, fostering a sense of trust between the school, students, and their families.

Family Educational Rights and Privacy Act

Annual FERPA Notification

Annual Notice for Directory Information

A Parent Guide to the Family Educational Rights and Privacy Act (FERPA)

Parent's Bill of Rights

A Parents’ Bill of Rights for Data Privacy and Security must be published on the website of each educational agency and must be included with every contract an educational agency enters into with a third-party contractor that receives personally identifiable information. The list below highlights required elements that must be included in the Parents’ Bill of Rights. To learn more about this requirement, agencies can review Part 121.3 of the Regulations and Section 3 of Education Law 2-d.
PeruCSD Parent's Bill of Rights

Data Privacy and Security Overview & Policy

Part 121 of the Commissioner’s Regulations requires agencies to adopt a policy on data security and privacy by October 1, 2020.1 Additionally, the law requires agencies to publish the policy on the district’s website. To learn more about this requirement, review Part 121.5 of the Regulations.
PeruCSD Data Privacy Policy

Personally Identifiable Information

Education Law Section 2-d and Part 121 of the Commissioner’s Regulations outline requirements for educational agencies and their third-party contractors to strengthen data privacy and security in order to protect student and annual professional performance review personally identifiable information.

PROTECTED STUDENT DATA The term “student” refers to any person attending or seeking to enroll in an educational agency, and the term “personally identifiable information” (“PII”) uses the definition provided in FERPA. The term PII includes, but is not limited to:

Student Name
Date of Birth
Parent Names
Photos
Video of Students
Student Email Address
Student Address

Student ID Number
Social Security Number
Student Medical Information
Special Education Information
Other Indirect Identifiers
Information that alone or in combination would allow a reasonable person to identify the student.

TEACHER AND PRINCIPAL DATA Personally identifiable information from the records of an educational agency relating to the annual professional performance reviews of classroom teachers or principals that is confidential and not subject to release under the provisions of Education Law §3012-c and §3012-d is subject to Education Law 2-d.

Third-Party Contract Agreement and Approved Vendor List

A third-party contractor is any person or entity, other than an educational agency, that receives student data or teacher or principal data from an educational agency pursuant to a contract or other agreement for purposes of providing services to such agency, including but not limited to data management, conducting studies, or evaluation of publicly funded programs. To learn more about this requirement, agencies can review Part 121.2, 121.3, 121.6, 121.9, and 121.10 of the Regulations.
Example of PeruCSD Third Party ContractApproved Vendor and Software ListNERIC Approved Vendor and Software List

Unauthorized Disclosure Complaint Procedures

Parents, eligible students (students who are at least 18 years of age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data.

To submit a complaint, please download and complete the PeruCSD Unauthorized Data Disclosure/Data Breach Form. Paper forms are also available in the main office of each school and the District Office.

Completed forms may be submitted via email to the Data Protection Officer, Mr. Nicholas Damiani, at ndamiani@perucsd.org, or forms may be given directly to a building principal who will submit the form appropriately.

The District assigned Data Privacy Officer will contact the complainant by phone, email, or through Parent Square to review the complaint and initiate an investigation.
Investigations will be completed and finalized as quickly as possible. All investigations should be completed within 60 calendar days from the receipt of the complaint. If an investigation will be extending beyond the 60-day window, the complainant will be contacted about the delay and provided with an updated timeline for completion.
The Peru Central School District will keep an updated record of all complaints of data breaches or unauthorized releases of student/staff data & their disposition in accordance with applicable data retention policies, and report complaint reports & investigations as directed by NYS Ed Law 2d / Part 121 Regulations to the NYSED Chief Privacy Officer.

Additional Information and Resources

The Parent’s Guide to Student Data Privacy

The Educator's Guide to Student Data Privacy

Ed-Law 2D Parent Fact Sheet

Check out the FTC’s free online security tips and resources, and share with your friends, family, coworkers, and community

If you’re responsible for teaching kids or adults to be safe and secure online, we encourage you to use and share our resources.

Whether you need a game for a classroom activity, videos to share on social media with parents in your community, or an article to use in your workplace newsletter, you can find it here.

The best way to protect your kids online? Talk to them. While kids value the opinions of their peers, most tend to rely on their parents for help on the issues that matter most.

Here are some resources to help you get started. We hope you’ll share these with other parents in your community.