Student Data Security and Privacy

Student Data Security and Privacy

Data Security button on keyboard
DATA SECURITY AND PRIVACY POLICY
Education Law Section 2-d
The District is committed to maintaining the privacy and security of student data and teacher and principal data and will follow all applicable laws and regulations for the handling and storage of this data in the District and when disclosing or releasing it to others including, but not limited to, third-party contractors.
The District adopts this policy to implement the requirements of Education Law Section 2-d and its implementing regulations, as well as to align the District's data privacy and security practices with the National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1).
 
Definition
“Protected Data” means personally identifiable data of students from student education records as defined by the Family Educational Rights and Privacy Act (FERPA), as well as teacher and Principal data regarding annual professional performance reviews made confidential under New York Education Law §3012-c and §3012-d.
 
Requirements
  1. Publication: This policy shall be published on the District's website and notice of the policy provided to all officers and employees of the District.
  2. The District shall provide the data protection, as well as the protection of parent and eligible student's right sand rights to challenge the accuracy of such data required by FERPA (20 USC §1232g), IDEA (20 USC §1400 et. Seq.) and any implementing regulations.
  3. The District hereby adopts the National Institute for Standards and Technology (NIST) Cybersecurity Framework (CSF) in accordance with the Commissioner's Regulations.
  4. Every contract or other written agreement with a third-party contractor under which the third-party contractor will receive protected student data or teacher or principal data shall include a data security and privacy plan that outlines how all state, federal, and local data security and privacy contract requirements will be implemented over the life of the contract, consistent with this policy.
  5. Nothing contained in this policy or the District's Data Security and Privacy Plan shall be construed as creating a private right of action against the District.
  6. Every use and disclosure of personally identifiable information, as defined by FERPA, shall be for the benefit of students and the educational agency. Examples of such benefit are provided in implementing regulations.
  7. The District shall not sell or disclose for marketing or commercial purposes any Protected Data, or facilitate its use of disclosure by any other party for any marketing or commercial purpose, or permit another party to do so.
  8. The District shall take steps to minimize its collection, process, and transmission of Protected Data.
  9. Except as required by law, or in the case of enrollment data, the District shall not report to NYSED Juvenile Delinquency records, criminal records, medical health records, or student biometric information.
  10. All contracts with vendors that have access to Protected Data shall comply with NIST Cybersecurity Framework.
Education Law 2-d | 8 NYCRR Part 121 | Adopted 09/28/2020
DATA PROTECTION CONTACTS

HCSD Data Protection Officer
Julie Bergman, Principal
67 Education Lane
Hancock, NY 13783
Phone: 607-637-1305
NYSED Chief Privacy Officer
89 Washington Avenue, EB 152
Albany, NY 12234
Phone: 518-474-0937
* Contacts listed are 2021-2022
REQUIRED INFORMATION
Education Law 2-d and Part 121 of the Commissioner of Education's Regulations require NYS educational agencies to publish certain information to their websites. Please note direct links to HCSD documents/pdfs are not posted because updates may result in broken/error links, which may violate the Americans with Disabilities Act.

Education Law 2-d requires each NYS educational agency to develop/publish a Parents’ Bill of Rights for Data Privacy and Security. The purpose is to provide information to parents/guardians and eligible students about certain legal requirements that protect personally identifiable information pursuant to state and federal laws. The HCSD Parents' Bill of Rights is available by clicking the title link. 

Education Law 2-d requires each NYS educational agency to publish its Data Privacy and Security Policy. HCSD’s policy is published as the introduction to this webpage (at left) and is listed in the link above as “5699 - Data Security and Privacy.”

Education Law 2-d requires each NYS educational agency to post supplemental information for each contract where a third-party contractor receives student data and/or teacher or principal data from HCSD. A list of contracts to which this applies is available by clicking the title link.
Apple App Store Google Play Store
© 2021. Hancock Central School District. All Rights Reserved.
View text-based website