QUFSD Data Privacy and Security Policies

8635-E PARENTS’ BILL OF RIGHTS FOR STUDENT DATA PRIVACY AND SECURITY

The Queensbury Union Free School District, in recognition of the risk of identity theft and unwarranted invasion of privacy, affirms its commitment to safeguarding student personally identifiable information (PII) in educational records from unauthorized access or disclosure in accordance with State and Federal law. The Queensbury Union Free School District establishes the following parental bill of rights:

8635 INFORMATION AND DATA PRIVACY, SECURITY BREACH AND NOTIFICATION

The Board of Education acknowledges the State's concern regarding the rise in identity theft and the need for prompt notification when security breaches occur. The Board adopts the National Institute for Standards and Technology Cybersecurity Framework Version 1.1 (NIST CSF) for data security and protection. The Data Protection Officer is responsible for ensuring the district’s systems follow NIST CSF and adopt technologies, safeguards and practices which align with it. This will include an assessment of the district’s current cybersecurity state, their target future cybersecurity state, opportunities for improvement, progress toward the target state, and communication about cyber security risk.

8630-R COMPUTER RESOURCES AND DATA MANAGEMENT REGULATION

The following rules and regulations govern the use of the district's computer network system, employee access to the Internet, and management of computerized records.

4321.5 CONFIDENTIALITY AND ACCESS TO INDIVIDUALIZED EDUCATION PROGRAMS, INDIVIDUALIZED EDUCATION SERVICES PROGRAMS AND SERVICE PLANS

The Board of Education recognizes the importance of ensuring the confidentiality of personally identifiable data pertaining to a student with a disability. Personally identifiable data will not be disclosed by any school district employee or member of a CSE/CPSE to any person (other than the parent/guardian of such student), organization or agency unless the parent or guardian of the child provides written consent; there is a valid court order for such information; or disclosure is permitted by law.

Personally identifiable data is defined in the policy on Student Records, 5500.

5500 STUDENT RECORDS

The Board of Education recognizes its legal responsibility to maintain the confidentiality of student records. As part of this responsibility, the Board will ensure that eligible students and parents/guardians have the right to inspect and review education records, the right to seek to amend education records and the right to have some control over the disclosure of information from the education record. The procedures for ensuring these rights will be consistent with state and federal law, including the Family Educational Rights and Privacy Act of 1974 (FERPA) and its implementing regulations.