Student Data Privacy and Security
What is New York State Education Law 2-D
Ed Law 2-d pertains to the unathorized release of personally identifiable information.
The Board of Regents adopted Part 121 of the Regulations of the Commissioner of Education on January 13, 2020. These rules will implement Education Law Section 2-d and provide guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and annual professional performance review data. The regulation went through multiple sets of revisions and three rounds of public comments and will go into effect January 29, 2020. It will apply to both charter and traditional public schools. We thank the members of the Data Privacy Advisory Council, implementation planning and drafting workgroups that supported the Department’s Chief Privacy Officer, Temitope Akinyemi, through this process.
Current New York State Officers:
Louise DeCandia, Chief Privacy Officer and
Marlowe Cochran, Chief Information Security Officer
District Approved Software List
Data Privacy and Security Policies
Federal Laws that Protect Students
Family Educational Rights and Privacy Act (FERPA) –
The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
(FERPA) ANNUAL NOTIFICATION
(FERPA) NOTICE REGARDING ACCESS TO STUDENT RECORDS AND STUDENT INFORMATION
Protection of Pupil Rights Amendment (PPRA) –
PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.
Children's Online Privacy Protection Rule (COPPA) –
COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age