Data Privacy and Security

This site is designed to provide parents with information and processes related to student data privacy and security in accordance with New York State Education Law 2D. This includes the Greenwich Data Privacy and Security Policy, the Parent's Bill of Rights, Data Privacy Complaint Process and links to vendor contracts and assurances regarding the responsible use of your student's information.

Data Protection Officer

Bill Hillebrandt, Network Analyst (518) 692-9542 x5101

Data Privacy and Security Policy

In January 2020, the NYSED Board of Regents adopted Part 121 of the Commissioner's Regulations for the Strengthening of Data Privacy & Security in NYS Educational Agencies to Protect Personally Identifiable Information (PII) pursuant to Education Law sections 2-d, 101, 207, and 305. Our Board of Education Policy for Data Privacy & Security was adopted on 4/21/20.

The Greenwich Central School District policy details specific privacy protections that ensure:

  1. Every use and disclosure of personally identifiable information (PII) by Greenwich CSD shall benefit students and the district, such as improve academic achievement; advance efficient and effective school operations; empower families and students with information;

  2. Personally identifiable information (PII) shall not be included in public reports or documents;

  3. Parents, legal guardians, and eligible students (students who are age 18 or older) are afforded all the protections, where applicable, under the Family Education Rights Privacy Act (FERPA) and the Individuals with Disabilities Act (IDEA) and the federal regulations for implementing those statuates;

  4. Alignment with the National Institute for Standards & Technology (NIST) Cybersecurity Framework.

  5. Annual training and notification for employees that handle student, teacher and/or principal PII.

  6. Publication of the Greenwich data security and privacy policy on its website for its community of stakeholders.

Board of Education Policy #5676 Privacy & Security of Student Data, Teacher Data, Principal Data

Parent's Bill of Rights

The purpose of the Parents’ Bill of Rights is to provide information to parents, legal guardians, those in parental relation to students and eligible students (age 18 and older) about certain legal requirements that protect personally identifiable (PII) information pursuant to state and federal laws.

Greenwich CSD Bill of Rights for Data Privacy & Security

Third Party Vendor Contracts

Greenwich CSD may utilize vendors through paid contracted services and/or free services activated through individual user Terms of Service (click wrap) agreements for one or more technology services in the provision of its educational services. These include software, mobile or web applications, and/or web-based services.

For information about vendors that collect, process, store, or analyze personally identifiable student data or teacher/principal evaluation data to support our educational services:

2020-21 Technology Vendors' Privacy Policies & Supplemental Agreements

Inventory of Student Data Collected by the New York State Education Department

As required by New York State Education law Section 2-d, NYSED publishes a list of the data elements that it collects from NYS school districts and the purpose of the data collection.

NYSED Inventory List of Student Data Collected

Complaint Procedures for Unauthorized Data Disclosure / Data Breach

Parents, legal guardians, eligible students (students who are at least 18 years of age or attending a post-secondary institution at any age), principals, teachers, and employees of an educational agency may file a complaint about a possible data breach or improper disclosure of student data and/or protected teacher or principal data.

  1. To submit a complaint, please download & complete the Greenwich Unauthorized Data Disclosure/Data Breach Form . Paper forms are also available in the schools' main office.

  • Completed forms may be submitted by email to the Data Protection Officer, Bill Hillebrandt, (518) 692-9542 x5101 or forms may be given directly to the principal who will submit the form to Mr. Hillebrandt.

  1. Mr. Hillebrandt, or his assigned designee, will contact the complainant by phone or email to review the complaint, and inititate an investigation.

  2. Investigations will be completed and finalized in a reasonable amount of time, typically, within 60 calendar days from the receipt of the complaint. In the event the investigation needs to extend beyond 60 days, due to extenuating circumstances, the complainant will be contacted to inform them of the delay and the expected timeline for completion.

  3. Greenwich CSD will maintain a record of all complaints of data breaches or unauthorized releases of student/staff data & their disposition in accordance with applicable data retention policies, and report complaint reports & investigations as directed by NYS Ed Law 2d / Part 121 Regulations to the NYSED Chief Privacy Officer.

Additional Information & Resources:

  • For information about Federal Laws that protect Student Data (FERPA, PPRA, COPPA):

Federal Laws that Protect Student Data

  • For information about NYS Education Department's Data Privacy & Security Resources

NYSED Data Privacy & Security Resources for Families & Educators

  • For Information about the Student Privacy Pledge created through collaboration between the Future of Privacy Forum & the Software & Information Industry Association to demonstrate commitment to privacy & security protections for student data:

Student Privacy Pledge

Family Resources to learn more about how to protect your child's data: