PARENTS’ BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY
Summary of Rights and Information for Parents and Students
The legislature and governor passed a group of bills that adjusted the Regents Education Reform Agenda. These bills are known collectively as the “Common Core Implementation Reform Act.” One of the key components of this act (Chapter 56, Part AA, and Subpart L, of the laws of 2014) directs the Commissioner of Education to appoint a Chief Privacy Officer (CPO). A major function of this new position is to work with school districts and parents to develop elements for a parents’ bill of rights to help ensure that student data is private and secure. The State Education Department (SED) and the CPO must also recommend regulations to establish standards for data security and privacy policies that will be implemented statewide.
The East Ramapo Central School District is issuing this summary of parents’ rights under the law. While some additional elements will be developed in conjunction with the CPO, districts, parents and the Board of Regents, this summary sets forth the key rights and information that parents should be aware of in regards to ensuring the privacy and security of their student’s educational data.
The East Ramapo Central School District is committed to ensuring student privacy and recognizes that parents, legal guardians, and persons with a parental relationship to a student are entitled to certain rights with regard to their child’s personally identifiable information, as defined by Education Law §2-d. To this end, the District is providing the following Parent’s Bill of Rights for Data Privacy and Security:
- A student’s personally identifiable information cannot be sold or released for any commercial purposes;
- Parents have the right to inspect and review the complete contents of their child’s education record;
- State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred;
- A complete list of all student data elements collected by the State is available for public review at http://www.p12.nysed.gov/irs/sirs/documentation/NYSEDstudentData.xlsx or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, New York 12234; and
- Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed to: Gail Piscitelli, Chief Information Officer at 105 South Madison Avenue, Spring Valley, New York 10977 or to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, New York 12234. Complaints may also be directed to the Chief Privacy Officer via email at: CPO@mail.nysed.gov.
If the East Ramapo Central School District enters into a third party contract in which the service provider receives student data or teacher or principal data in order to provide a needed service for the District, supplemental information shall be developed by the District including:
- The exclusive purposes for which the student data or teacher or principal data will be used;
- How the third party contractor will ensure that the subcontractors, persons or entities that the third party contractor will share the student data or teacher or principal data with, if any, will abide by data protection and security requirements;
- When the agreement expires and what happens to the student data or teacher or principal data upon expiration of the agreement;
- If and how a parent, student, eligible student, teacher or principal may challenge the accuracy of the student data or teacher or principal data that is collected; and
- Where the student data or teacher or principal data will be stored and the security protections taken to ensure such data will be protected, including whether such data will be encrypted.
The CPO as appointed by the Commissioner must secure input from parents and other education and expert stakeholders to develop additional elements for the Parents’ Bill of Rights for Data Privacy and Security. The Commissioner of Education will also be promulgating regulations with a comment period for parents and other members of the public to submit comments and suggestions to the CPO.
In the meantime, you can access additional information and a question and answer document issued by SED at Parents’ Bill of Rights for Data Privacy and Security.
If you have any further questions or concerns, please contact Gail Piscitelli, Chief Information Officer, at 105 South Madison, Avenue, Spring Valley, New York 10977 or at (845) 577-6082.