The Board of Education (the “Board”) recognizes that a safe, secure, and healthy school environment is necessary to promote effective learning. The Board is committed to ensuring that all school buildings are properly maintained and preserved to provide a suitable educational setting.

1. Board Responsibilities

Consistent with the requirements of State law and regulations, the Board will:

1. Appoint a Health and Safety Committee (“H&SC) (see section II below) composed of representation from District administration, District staff, including a representative from each school building, and from each bargaining unit, and parents that will participate in monitoring the condition of occupied school buildings to assure that they are safe and maintained in a state of good repair.
2. Review and approve all building condition surveys (as described in Policy 8220)
3. When required by the State or the Commissioner of Education, undertake visual inspections of school buildings.
4. Take immediate action to remedy serious conditions in school buildings affecting health and safety and report such conditions to the Commissioner of Education.

2. Health & Safety Committee

The H&SC will participate in monitoring the condition of occupied school buildings to assure that they are safe and maintained in a state of good repair. The Superintendent of Schools will ensure that the H&SC is appropriately involved in all activities required by the Commissioner’s regulations. The tasks of the H&SC include, but will not be limited to:

1. Participating in the investigation and disposition of health and safety complaints.
2. Consulting with District officials in completing safety ratings of all occupied school buildings.
3. Monitoring safety during school construction projects including periodic meetings to review issues and address complaints related to health and safety resulting from the project.
4. Upon completion of a construction project, conducting a walk-through inspection to ensure the area is ready to be reopened for use.
5. Ensuring that at least one (1) member of the H&SC participates in any visual inspection required by the State or Commissioner of Education.

During construction projects, a member of the H&SC will be included in the construction management team, along with the architect, construction manager and contractor.

3. Hazardous Materials

The Board directs the Superintendent and all professional and support staff members to comply with occupational safety and health regulations, including the Hazard Communication Standard and “Right-to-Know” legislation. The Superintendent will direct appropriate personnel to develop and oversee a written hazard communication program.

The District Director of School Facilities will develop and oversee the implementation of a written hazard communication program in accordance with the Federal Hazards Communication standard.

1. Safe Use of Hazardous Chemicals in the Classroom

The District's educational chemistry laboratory activities will protect and promote the health and safety of students, employees and the environment. To this end, the Board directs the Superintendent to develop regulations, which at least meet the minimum standards re­quired by federal and state law, ensuring that all laboratories promote a safe and stimulating lear­ning environment.

All participants in any laboratory activity that has the potential to be hazardous will be provided with and must wear an eye safety device.

All schools must provide safe storage and protection of all chemicals and prepare annual inventory reports.

The District will implement a Chemical Hygiene Plan (CHP) to limit exposures to hazardous chemicals which meets the standards required by the Occupational Safety and Health Administration (OSHA).  

The Superintendent of Schools will be responsible for the development of procedures for investigating and resolving complaints related to the health and safety issues in the District’s buildings, consistent with requirements of State law and regulations.

2. Pesticides

The District will comply with the requirements for the visual notification of pesticide spraying as set forth in the Environmental Conservation Law. Provisions will be made for a least toxic approach to integrated pest management (IPM) for all school buildings and grounds in accordance with the Commissioner’s regulations.

All District staff and parents/guardians will be notified of pesticide applications performed at any school facility. A notice will be sent at the beginning of the school year which will include:

1. Notification of periodic pesticide applications throughout school year.
2. The availability of 48-hour prior written notification of pesticide applications to parents/guardians and staff who request such notice.
3. Instructions on how to register with the school to receive this prior written notification.
4. The name and number of the school representative who can provide further information.

If an emergency pesticide application is necessary to protect against an imminent threat to human health, a good faith effort must be made to supply the written notification to individuals on the forty-eight (48) hour registry, prior to the actual application.

4. Accident Prevention, Reporting of Accidents and Unsafe Conditions

In order to take reasonable measures to prevent accidents on the school premises, all students, employees and the public must comply with all safety laws and ordinances.

1. All employees are responsible for school safety and must promptly file a report with the Building Principal whenever any unsafe conditions or unsafe practices are observed. If a determination is made that the condition is in fact unsafe, it will be corrected.
2. All accidents occurring in a classroom, in a school building, on school property, or on buses, regardless of seriousness, must be reported to the Building Principal or District administration, as applicable, as promptly as possible. An incident report must be filed through the Health Services office. Formal objective investigations of all accidents are to be conducted by the Building Principal and the results of the investigation are to be presented to the Superintendent in a written report.

The Board of Education (the “Board”) recognizes that many factors, including the use and misuse of prescription painkillers, can lead to the dependence on and addiction to opiates, and that such dependence and addiction can lead to overdose and death among the general public, including district students and staff. The Board wishes to minimize these deaths by the use of opioid overdose prevention measures and encourages staff, especially coaches of athletic teams, to receive the appropriate training in the administration of intranasal naloxone.

Due to the nationwide increase in the number of opioid overdoses, New York State has issued a law encouraging and allowing school districts to keep Naloxone (NARCAN) on hand for emergency use. The Board approves a program for the use of opioid antagonists on students or staff suspected of having opioid overdose, whether or not there is a previous history of opioid abuse. Opioid antagonists will be limited to naloxone and other medications approved by the Department of Health for such purposes.

The Board directs the school physician to issue a non-patient specific standing order for RN’s to administer intranasal naloxone (also known as NARCAN, among other names). The non-patient specific order will include a written protocol containing the elements required by the regulations of the Commissioner of Education. A copy of this standing order and the NARCAN “kits” will be kept in each health office in the District.

Naloxone will be accessible in the Nurse’s office during school hours and during on-site school-sponsored activities. Naloxone should also be included in First Aid kits used by school interscholastic athletic teams. The Board permits school nurses and those individuals who have received the appropriate training to administer intranasal naloxone to any person displaying symptoms of an opioid overdose at school or a school event whether on or off premises.

Use of an opioid antagonist pursuant to this policy/regulation and the provisions of Public Health Law section 3309 is considered first aid or emergency treatment for the purpose of any statute relating to liability. Provided that the administration of the opioid antagonist is based on a reasonable and good faith belief in compliance with the provisions of Public Health Law section 3309, such District employee will not be subject to criminal, civil or administrative liability solely by reason of such action.

Those trained as volunteer responders in the administering of naloxone will be required to review training every other year.

This policy, regulation, and any related procedures will be reviewed annually by the District’s lead nurse to ensure they continue to meet the needs of the District and are consistent with recommended best practice.

CLICK HERE to download PDF version

Public Health Laws 922 and 3309 allow schools to administer an opioid antagonist to anyone  who exhibits symptoms of suspected opioid overdose. New York State Education Law 6527 and 6909 now permit Registered Nurses to administer an opioid-related overdose treatment using non-patient specific order prescribed by a licensed physician or certified nurse practitioner.

The District authorizes school nurses and other individuals who have received the appropriate training to administer opioid overdose treatments pursuant to a non-patient specific order and protocols. The District’s medical director will issue a non-patient specific order and protocol authorizing school nurses to administer naloxone and/or other opioid-related overdose treatment to students or staff suspected of having an opioid overdose. The non-patient specific order and protocols must comply with regulations of the commissioner of education (8 NYCRR §64.7).

The Lead Nurse, in coordination with the Assistant Superintendent for Student Services will develop procedures for the placement, storage, inventory, re-ordering, administration documentation, reporting, and training of the school nurse, regarding the use of naloxone.

The District will ensure that there is always one backup naloxone kit per building for each kit that is ready to be used.  When a naloxone kit is used, another backup kit will be ordered.  Naloxone that is nearing its expiration date will be replaced. The school nurses will maintain a log of naloxone supplies containing the following information: lot number, date of receipt, expiration date, and location. 

Every administration of naloxone will be reported to the Clinical Director and Program Director of the Opioid Overdose Prevention Program in which the District is participating, as well as the school nurse.

1. REQUIREMENTS

School nurses will follow the non-patient specific order and written protocol for administration of naloxone, which includes criteria for assessment and directions for administration. 

1. Registered Nurses (“RN’s”) must be currently certified in CPR by the American Red Cross or the American Heart Association.
2. RN’s must maintain a Standing Order for Non-Patient Specific Intranasal Naloxone.
3. RN’s should be currently trained in the administration of intranasal naloxone.
4. Each Health Office should have two (2) kits (each kit contains two (2) doses) of intranasal naloxone on hand, and re-order as needed.
5. Each First Aid Kit for interscholastic athletic teams should have two (2) kits (each kit contains two (2) doses) of intranasal naloxone on hand, and re-order as needed.
6. When there is a school-sponsored event being held off-campus, consideration should be given for the nurse in attendance to have more than two (2) kits (each kit contains two (2) doses) of intranasal naloxone on hand.

2. PROTOCOLS – ESSENTIAL STEPS

1. Stimulation - Yell the person’s name, if known; shake, perform sternal rub or pinch skin on upper arm, check pupils – Pinpoint pupils are a key sign of overdose.
2. Activate School Emergency Response Protocol – Call 911, initiate CPR, AED.  If overdose is suspected, prepare to administer naloxone intranasal.
3. Assemble nasal atomizer - Pull or pry protective caps form both ends of needle-free syringe and the glass naloxone vial.
4. Administer naloxone – Place nasal atomizer in one nostril land push vial into syringe using 1 ml of naloxone (half).  Repeat in other nostril using the rest of the naloxone left in the syringe.
5. If breathing, roll person on their side and monitor breathing (Recovery Position) until EMS arrives.
6. If the person is still unconscious and there is no response in three (3) to five (5) minutes, place person on their back and administer second (2^nd) dose of intranasal naloxone.
7. Continue to monitor and support individual. Provide CPR, rescue breathing as needed until EMS arrives.
8. Notify parent(s) and / or guardian(s).  Direct them to the ER where the patient is being transported.
9. Report administration of naloxone / document as necessary and required.
10. Obtain a NARCAN replacement kit.

3. KEY POINTS and PRECAUTIONS

1. Naloxone only reverses opioid overdoses.
2. Effects last 45 minutes to 1½ hours.
3. Affected individual may awaken in combative state.
4. Naloxone is light and heat sensitive. Store in a cool, dry, protected location.

4. REPORTING

School nurses will document all administration of naloxone in the same manner as the administration of other medications under non-patient specific orders. School nurses will report all administration of naloxone to the District’s school physician/medical director, Building Principal and Superintendent.

Emergencies and violent incidents in schools are critical issues that must be addressed in an expeditious and effective manner. The Board of Education (the “Board”) recognizes its responsibility to adopt and keep current a comprehensive District-wide school safety plan and building-level emergency response plan(s) which address violence prevention, crisis intervention, emergency response and management.

Taken together, the District-wide and building level plans provide a comprehensive approach to addressing school safety and violence prevention and provide the structure where all individuals can fully understand their roles and responsibilities for promoting the safety of the entire school community. The plans will be designed to prevent or minimize the effects of serious violent incidents and emergencies, declared state disaster emergencies involving a communicable disease or local public health emergency declaration and other emergencies and to facilitate the District’s coordination with local and county resources. The plans will also address risk reduction/prevention, response and recovery with respect to a variety of types of emergencies and violent incidents in District schools and will address school closures and continuity of operations.

In accordance with state law and regulation, the District will have the following safety teams and plans to deal with violence prevention, crisis intervention and emergency response and management:

1. Comprehensive District-Wide Safety Team and Plan

The Board will annually appoint a District-wide Safety Team that includes, but is not be limited to, a representative from the following constituencies: the Board, teachers, administrators, parent organizations, school safety personnel and other school personnel (including nurses, custodians, transportation personnel). This team is responsible for the development and annual review of the comprehensive District-wide safety plan.

The plan will cover all District buildings and will address violence prevention (taking into consideration a range of programs and approaches that are designed to create a positive school climate and culture), crisis intervention, emergency response and management including communication protocols, at the District level. It will include all those elements required by law and regulation, including protocols for responding to declared state disaster emergencies involving a communicable disease that are substantially consistent with the provisions of Labor Law §27-c.

The Superintendent or designee will be the District’s chief emergency officer, and will coordinate communication between school staff and law enforcement and first responders. The chief emergency officer will ensure that all staff understand the District-wide school safety plan and receive training on the building-level emergency response plan, violence prevention and mental health, and will also ensure that District-wide and building-level plans are completed, reviewed annually, and updated as needed by the designated dates. The chief emergency officer will ensure that the District-wide plan is coordinated with the building-level plans and will ensure that required evacuation and lock-down drills are conducted.

2. Building-Level Emergency Response Plans (“BLERP”) and Teams

Each Building Principal is responsible for annually appointing a building-level emergency response team that includes representation from teachers, administrators, parent organizations, school safety personnel, other school personnel (including bus drivers and monitors), law enforcement officials, fire officials and other emergency response agencies. The emergency response team is responsible for the development and review of a building-level emergency response plan for each District building. The plan(s) will address response to emergency situations, such as those requiring evacuation, sheltering and lock-down at the building level and will include all components required by law and regulation, including measures necessary to comply with Labor Law § 27-c to respond to public health emergencies involving a communicable disease. These confidential plans will include evacuation routes, shelter sites, medical needs, transportation and emergency notification to parents and guardians.

Building-level emergency response plans must designate:

• An emergency response team for incidents that includes appropriate school personnel, law enforcement officials, fire officials, and representatives from local, regional and/or state emergency response agencies to assist the school community in responding to a violent incident or emergency; and
• A post-incident response team that includes appropriate school personnel, medical personnel, mental health counselors and other related personnel to assist the community in coping with the aftermath of a serious violent incident or emergency.

The Building Principal is responsible for conducting at least one (1) test every school year of the emergency response procedures under this plan including procedures for sheltering and early dismissal.

To maintain security and in accordance with law, the building-level emergency response plan(s) are confidential and not subject to disclosure under the Freedom of Information Law or any other law.

3. Annual Review and Reporting

All plans will be annually reviewed and updated, if necessary, by the appropriate team by July 15. In conducting the review, the teams will consider any changes in organization, local conditions and other factors including an evaluation of the results of the annual test of the emergency response procedures which may necessitate updating of plans. If the plan requires no changes, then it will remain in effect. If the District-wide plan requires change, then the updated plan will be submitted to the Board in time to allow thirty (30) days of public comment and to hold a public hearing which provides for the participation of school personnel, students and other interested parties prior to Board adoption. All plans must be adopted by the Board of Education by September 1 of each year.

The Superintendent is responsible for submitting the District-level school safety plan and any amendments to the plan to the Commissioner within thirty (30) days after its adoption, no later than October 1 of each year. The District-wide plan will be posted on the District’s website. Each Building Principal is responsible for submitting the building-level emergency response plan for the building, and any amendments to the plan, to the appropriate local law enforcement agency and the state police within thirty (30) days after its adoption, but no later than October 1 of each year.

Extreme risk protection orders are court orders that restrict the ability of a person, who is judged likely to engage in conduct that would result in serious physical harm to themself or to others, or to purchase or possess firearms, rifles or shotguns, or attempt to do so.

Under state law, the Superintendent and Building Principals are permitted to petition the state Supreme Court for extreme risk protection orders.  Building Principals may submit petitions for students currently enrolled in their building, or for students who were enrolled in their building in the six (6) months immediately before filing the petition (referred to in this policy as “currently-enrolled” and “recently-enrolled” students, respectively).

When District staff members have reason to believe, either personally or through information received by others, that a currently-enrolled or recently-enrolled student is likely to engage in conduct that would result in serious physical harm to themself or to others, they are encouraged to report their concerns to the Building Principal or designee. This is in keeping with employees’ general responsibility for student safety, as well as their own interests for maintaining a safe working and learning environment. District staff members should report such concerns to a Building Principal or designee immediately, and by the fastest available means.

Any other person, including but not limited to students, parents, and community members, may also bring their concerns to the Building Principal or designee that a currently-enrolled or recently-enrolled student is likely to engage in conduct that would result in serious physical harm to themself or to others.

If the Building Principal or designee is absent from the building, the Superintendent or Assistant Superintendent for Business and Operations will be the main point of contact to report concerns.

When a Building Principal receives concerns from persons under this policy or has their own concerns about a student, they must immediately notify the Superintendent. The Superintendent will contact the School Attorney, and a decision will be made on whether it is appropriate to petition for an extreme risk protection order against the student. 

When determining whether it is appropriate to petition the court for an extreme risk protection order, the District will consider, among other things, the following factors as they relate to the student:

1. Threats or acts of violence or physical force made against themself or another person;
2. Violating or allegedly violating orders of protection (i.e., restraining orders);
3. Pending criminal convictions or charges involving weapons;
4. Recklessly using, displaying, or brandishing a firearm, rifle or shotgun;
5. Violating previous extreme risk protection orders;
6. Evidence of recent or current drug or alcohol abuse; and
7. Evidence that the student has recently acquired a firearm, rifle, shotgun, other deadly weapon (including but not limited to knives, clubs, and metal knuckles), dangerous instrument (including items capable of causing death or serious physical injury, when used for that purpose), or ammunition.

Additionally, the Building Principal is directed to contact local law enforcement, in accordance with the Code of Conduct, the District-wide school safety plan, and the building-level emergency response plan.

In consultation with the Superintendent and School Attorney, the Building Principal may designate, in writing, certain other employees at that school to petition the court for the extreme risk protection order. Such employees include: teachers, school guidance counselors, school psychologists, school social workers, school nurses, any other personnel required to hold a teaching or administrative license or certificate, and certain coaches (those who are full- or part-time paid employees required to hold either a temporary coaching license or professional coaching certificate).

In support of the extreme risk protection order petition, District staff may be required to submit affidavit testimony to the state Supreme Court describing their knowledge of threats or threatening conduct exhibited by a student. The Superintendent and/or Building Principal or designee may be required to accompany the School Attorney to the courthouse and provide testimony to the court.  

Under Education Law section 3023, the District must defend and indemnify employees against lawsuits for negligence, accidental bodily injury or property damage where the employee is performing their duties within the scope of employment.

The Superintendent or designee is directed to take appropriate steps to notify District staff of the provisions of this policy. This includes ensuring that employees are trained and knowledgeable about when and how to properly utilize the law to best protect the school from violence. Staff will be notified of who is designated to file extreme risk protection orders in the building or District.

The Superintendent or designee may close the schools or dismiss students / staff early when hazardous weather or other emergencies threaten the health or safety of students and personnel.

Schools will not be closed merely to avoid inconvenience. In making the decision to close schools, the Superintendent or designee will consider many factors, including but not limited to the following, which relate to the safety and health of children:

1. Weather conditions, both existing and predicted
2. Driving, traffic, and parking conditions affecting public and private transportation facilities or the inability for the District to provide students with home-to-school transportation
3. Actual occurrence or imminent possibility of any emergency condition that would make the operation of schools difficult or dangerous, and
4. Inability of teaching or essential support personnel to report for duty, which might result in inadequate supervision of students or the inability to perform essential school functions.

REMOTE INSTRUCTION

If emergency conditions arise that would justify the closing of school buildings on a particular day, the Superintendent may determine that school will remain in session and all instruction will be delivered remotely through virtual teleconferencing or other means. 

After each day of remote instruction, the Superintendent or designee will timely prepare and send an appropriate certification to the New York State Education Department to ensure that the remote instructional time is credited as a session day.     

NOTICE OF CLOSINGS

Students, parents/guardians, and staff will be informed each school year of the procedures that will be used to notify them in case of emergency closing or a switch to remote instruction.

To accommodate the District’s educational program, the Board of Education (the “Board”) is committed to providing suitable and adequate facilities. To this end, proper maintenance and inspection procedures are essential. The Board directs the Superintendent to ensure that proper maintenance and inspection procedures are developed for every school building.

The District Director of School Facilities will serve as chief of the maintenance division, under the supervision of the Assistant Superintendent for Business and Operations. The Director will have charge of all repairs, alterations and improvements to school buildings and grounds as well as have immediate supervision over the work of the custodial and maintenance staff. The Director will oversee a systematic maintenance program which will include periodic preventive maintenance activities, long-range maintenance schedules and emergency repair procedures. 

Consistent with federal and state law and regulations, the following items will be included in the district’s buildings and grounds maintenance and inspection procedures.

      1.            Comprehensive Maintenance Plan

A comprehensive maintenance plan for all major building systems will be instituted to ensure the building is maintained in a state of good repair.  Such plan will include provisions for a least toxic approach to integrated pest management and establish maintenance procedures and guidelines which will contribute to acceptable indoor air quality. The plan shall be available for public inspection.

Procedures will also be established to ensure the safety of building occupants during maintenance activities including standards for exiting and ventilation, asbestos and lead protocols, noise abatement and control of chemical fumes, gases and other contaminants.

      2.            Building Condition Surveys

Each occupied District building will be assessed every five years by a building condition survey on a schedule established by the State Education Department (SED). This survey will be conducted by a team that includes at least one licensed architect or engineer and will include a list of all program spaces and inspection of building system components for evidence of movement, deterioration, structural failure, probable useful life, need for repair and maintenance and need for replacement. Building condition survey reports will be completed and submitted to the Commissioner of Education by the deadlines established by SED.

      3.            Visual Inspections

A visual inspection of building system components in each occupied District building will take place when required by the State or Commissioner of Education. The inspection will be conducted by a team including a local code enforcement official, the District Director of School Facilities or their designee and a member of the Health and Safety Committee. The inspection report will be made available to the public.

A corrective action plan will be developed by a licensed architect or engineer if a deficiency exists in the building.

      4.            Fire Safety Inspections

An annual inspection for fire and safety hazards will be conducted in accordance with a schedule established by the Commissioner of Education.  The inspection will be conducted by a qualified fire inspector and the report will be kept in the district office. Any violation of the State Uniform Fire Prevention and Building Code shall be corrected immediately or within a time frame approved by the Commissioner.

      5.            Safety Rating System

A safety rating keyed to the structural integrity and overall safety of each occupied school building will be provided on an annual basis in consultation with the Health and Safety Committee. Safety ratings will be based on the safety rating system developed by the Commissioner and will comply with all statutory and regulatory requirements.

Building Principals shall, on an on-going basis, undertake their own inspections of school buildings and grounds, searching for any dangerous or hazardous conditions and take immediate steps to remedy the problem.

The Board of Education (the “Board”) recognizes the need for certain staff members, students or community members to utilize portable devices or other equipment as part of their daily educational activities and to effectively perform their duties. The Board permits the authorized use of District-owned equipment (e.g., laptop computers, portable electronic devices, audio-visual equipment) by Board members, District officers and employees, as well as students. The District Director of Instructional Technology (the “Director”) or designee is authorized to issue such equipment to District personnel or students.

The District may impose reasonable travel restrictions on District-owned equipment, including requiring loaned equipment to remain within a particular school building, within the District, or within a certain radius of the District.  Students or staff members are prohibited from taking District-owned equipment outside the State of New York without prior express permission from the Director.  

Users of District-owned equipment should not have an expectation of privacy with regard to records, data or other information contained on the District’s equipment (e.g., computer files, images, messages, records of phone calls, logs, applications or other information). Additionally, users of District-owned equipment should not have an expectation of privacy with regard to Internet usage or other online sites accessed through the equipment, search engine queries made from the equipment, or any information downloaded through the equipment. 

The District may install location-tracking tags in District-owned equipment, or may enable location-tracking software features. The District reserves its right to track the location of such equipment in real time. Students and staff members are prohibited from removing or disabling location-tracking devices or software.    

All equipment will be inventoried each year and the IT Department will maintain records of all equipment loaned for use (e.g., the date such equipment was loaned, to whom it was loaned, and the date of actual return). The list of all individuals possessing District-owned equipment and the level of service contract, if any, will be maintained in the IT Department and will be reviewed by the IT Department who will report those items that cannot be accounted for to the Board annually each October.

The District will establish the level of service contract, if any, for each specific piece of equipment, which will be determined by the Business Office and through the IT Department based on anticipated business usage. Annually, the Business Office will evaluate the cost and effectiveness of the service contracts and will seek new quotes, bids or RFP’s as appropriate.

Users must take proper care of the equipment and take all reasonable precautions against damage, loss, theft, or use by other parties. Any damage, loss or theft must be reported immediately to the IT Department. Users may be liable for damages or loss which occur during the period of their use.

Equipment will be returned to the IT Department at the end of the period of permitted use, as well as at the end of an employee’s service to or a student’s enrollment in the District or upon demand by the Superintendent or designee.

No item may be sold to or purchased by the user unless such equipment has been returned to the District for evaluation and, if necessary, disposed in accordance with District policy.

The Superintendent, in consultation with the Assistant Superintendent for Business and Operations and/or the Director will establish regulations governing the loan and use of District equipment. 

1. The individual must have an instructional, extracurricular or other assignment that requires that they use the equipment.
2. The individual must be engaged in one or more projects requiring the use of such equipment.

The individual must complete the Agreement for Short Term Loan of or Other Equipment (Exhibit 8330-E-2) and must receive authorization from the Director.

Student/Parent Information 

Student Name:              _______________________________________________________________________

                                                                             Last                                         First                                        Student ID#

Parent/Guardian Name:  _____________________________________________________________________

                                                            Last                              First                

In this Agreement, “you” and “your” means the parent/guardian and the student enrolled in the Manhasset Union Free School District (“MUFSD” or the “District”). The “equipment” is a Chromebook and power cord/charger.

By signing this form, you confirm that you understand the information in this Agreement. You also confirm that you have read, understand, and accept the terms of MUFSD Technology Resources and Data Management Policy 8630, Acceptable Use – Technology Policy 4526 and Regulation 4526 R.

__________________________________________________________________________________________

Parent/Guardian Signature                                                                                                                      Date

__________________________________________________________________________________________

Student Signature                                                                                                                                        Date

Manhasset Public Schools

Agreement for Short Term Loan of

Computer or Other Technology Equipment

I, (Please Print Name)                                                                      , request permission to remove from the Manhasset Public Schools the computer or other technology equipment indicated below for the period of time specified below (not more than fourteen (14) days inclusive of weekends) for purposes directly relating to schoolwork.

I understand that in order for the Instructional Technology Department to accurately account for the whereabouts of loaned equipment and to agree to lend me such equipment, the District requires that I acknowledge the loan of equipment by completing and signing this form.

I agree to safeguard the equipment at all times while it is in my possession. Under no circumstances will I permit anyone else, adult or child, to borrow or use the equipment. I further agree to inform the Instructional Technology Office immediately if the equipment is lost, damaged or stolen. At that time, I will also make all necessary arrangements with District officials and local civil authorities to trace and secure the equipment and/or to expedite its immediate repair if damaged or inoperative. I understand and accept that all computer or other technology equipment must be returned in good working condition to its proper District location. I agree to pay all costs for repair of or service to damaged or non-functioning equipment under my custody that is not attributable to "fair wear and tear" as determined by the District in its sole discretion. 

I have been issued the item(s) listed below for my school-related use by the Manhasset School District.                  If I have any questions, I will call the Instructional Technology Office at 516-267-7533.

___________________________________     Student           Faculty           Staff            Administration

   Name (please print)                                                                                  

______________________________________    _____________    ___________________________

                  Signature                                                            Date              Position / Department (if employee)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

_______________                   ___________________________________________________________                        

Date                                            Signature / Acknowledged by: District Director of Instructional Technology

I, ________________________________________, agree to the terms listed below as

               (Student Name - Please Print )

requirements for the short-term loan of ________________________ from the Manhasset School District.

_______________________________                             ________________________

           Parent Signature                                                                      Date

Name and Signature of School Official:

______________ __________________                   ___________________________

                  (Please Print)                                                            (Signature)

Terms of Loan

1.      The loan of this equipment is intended solely for use by me for my school-related work.

2.      The term of this loan is not to exceed the last week of the current school year.  If needed, equipment will be reassigned in the following fall.

3.      I agree to be financially responsible for any loss or damage which is not mentioned at the bottom of this form at the time of the loan.  Furthermore, I agree to be responsible for the loss of or damage to hardware, software, carrying case, peripherals or other materials borrowed from the school and listed below.

4.      Security deposit of $100 (check or money order):    ___ Attached             ___Waived

5.   I have been instructed in the care and use of this computer: ______________                 

              (Student Initials above)

  ___________________________                            ____________________________

   Serial No. of Unit Borrowed                                               Signature of Student

____________________________                            _____________________________

 Manhasset Barcode                                                                Date

Item borrowed               _________________________________________________                  

Escuelas públicas de Manhasset

IEP o ACUERDO FINANCIERO BASADO EN LAS NECESIDADES

PARA PRÉSTAMO DE EQUIPAMIENTO DE TECNOLOGÍA EDUCATIVA

Yo, ______________________________ y mi padre/madre/tutor legal estamos de acuerdo con los

(Nombre del/de la estudiante - en letra de imprenta)

términos mencionados abajo como requisitos para el préstamo de los artículos indicados a continuación del Distrito escolar de Manhasset.

1. El préstamo de este equipamiento está destinado únicamente para mi uso en mi trabajo relacionado con la escuela. Bajo ninguna circunstancia permitiré que nadie más, adulto o menor, tome prestado ni use este equipamiento.
2. El plazo de este préstamo no excederá la última semana del presente año escolar. Si se necesita durante el verano, comprendo que se podrá reasignar el equipamiento.
3. Me comprometo a resguardar el equipamiento en todo momento mientras esté bajo mi posesión. Además, informaré a la Oficina de tecnología educativa de inmediato al 516-267-7533 si el equipo se pierde, sufre algún daño o lo roban. En ese momento, también haré los arreglos necesarios con los funcionarios del Distrito y las autoridades civiles locales para rastrear y asegurar el equipamiento o agilizar su reparación inmediata en caso de que sea dañado o no se pueda operar.
4. Comprendo y acepto que todas las computadoras u otro equipamiento tecnológico se deben devolver en funcionamiento a su ubicación del Distrito correspondiente. Estoy de acuerdo con ser financieramente responsable y con pagar todos los costos por cualquier pérdida, reparación o servicio prestado por daños o falta de funcionamiento del equipamiento durante mi custodia que no sean debido al desgaste natural, según lo determine el Distrito a su entera discreción.
5. Acepto ser responsable por la pérdida o daño del hardware, software, estuche de transporte, periféricos u otros materiales tomados en préstamo de la escuela e indicados a continuación.
6. Me han indicado cómo cuidar y usar esta computadora:               ___________                                                 

   (Iniciales del/de la estudiante arriba)

____________________________________________                    ________________________

Estudiante - Firma                                                                                            Fecha

Padre/madre/tutor del/de la estudiante - Nombre en letra de imprenta

____________________________________________                    ________________________

Firma del padre/madre/tutor del/de la estudiante - Firma                            Fecha

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Cualquier daño durante el préstamo se debe indicar a continuación:

________________________________________________________

The Board of Education (the “Board”) affirms its goal of providing a safe and economical transportation system for District students, grades K through 12. Transportation will be provided at District expense to those students who are eligible as authorized by the Board.

The major objectives in the management of the student transportation program will include: 

1. Providing efficient, effective and safe service
2. Ensuring that all students whose disability or distance from school requires them to receive necessary transportation do, in fact, receive it
3. Adapting the system to the demands of the instructional program
4. Reviewing school bus schedules and routing plans at least once a year to ensure that maximum efficiency and safety are maintained, and
5. Reviewing the eligibility for transportation of students residing in the District at least once a year, to ensure that all that are entitled to the services receive them.

Reasonable minimum riding limits shall be established by the Board. 

Exceptions to the established riding limits may be made only in the case of a temporarily or permanently physically disabled child for whom a physician has requested transportation after approval by the CSE or the Director of Special Services.

The Superintendent will be responsible for administering the transportation program, which will comply with all applicable laws, regulations and policies established by federal, state and local authorities.

The Transportation Office, under the direction of the Assistant Superintendent for Business and Operations, will establish bus routes. 

1. Authorized bus stops will be located at reasonable intervals in places where students may embark and disembark the buses, and await the arrival of buses, in the utmost safety allowed by road conditions.
2. Fixed bus stops will be established using the following guidelines:

1. Generally, dead-end and loop streets will not be serviced by school buses. Whenever possible, stops will be at the intersections of two (2) streets
2. Numbers of students at bus stops will be varied according to the concentration of riders in an area, the degree of traffic, the presence of stop signs, speed limits
3. Walking distances to pick-up points may be varied according to grade level
4. An effort will be made to minimize crossing of the road by students.

3. Turnarounds will not be established unless adequate space is available and such space is properly maintained. A turnaround is not permissible if it would require the school bus to back-up in reverse.
4. Transportation will be provided on side roads that are maintained by town, village, or county highway departments unless the lack of maintenance makes it unreasonably hazardous for drivers and students to traverse these roads, or the road is too narrow to allow the safe passage of a school bus. Examples of unreasonably hazardous conditions include flooding, road erosion, ice, snow and mud.
5. Transportation will not be provided on highways that have not been dedicated and/or maintained by town, county, and/or state highway departments (private roads).

LATE BUS TRANSPORTATION

The Board will provide late bus transportation to resident students who engage in after-school programs at their school, when there are at least five (5) students utilizing such transportation service or when such service can be provided at no additional cost.

Decisions regarding the provision of late bus service will be made each school year based upon the enrollment at each school and the number of students who will utilize late bus service.

In the event that late bus ridership falls below the minimum of five (5) students for ten (10) consecutive days, the run may be cancelled at the discretion of the District, no sooner than 10 days following written parental notification.

TRANSPORTATION TO NON-PUBLIC SCHOOLS

Transportation requests for students attending non-public schools must be received in writing by the District no later than the April 1^st preceding the beginning of the next school year using the Application for Transportation to a Non-Public School which is available through the District’s Transportation Office. If a student moves into the District later than April 1^st, the request must be received within thirty (30) days of establishing residence in the District.

All transportation requests received after the deadline will be considered by the Board on the basis of each case's merits. Criteria used by the Board in judging whether to accept a late request may include, but not be limited to, the following:

1. Whether transportation will require an additional cost, and, if so,
2. The reasonableness and/or educational validity of the excuse for the late request.

For students attending non-public schools, late bus transportation must be requested on the annual Application for Transportation to a Non-Public School form, due to the District no later than April 1^st preceding the beginning of the next school year.

RIDING LIMITS – TO DISTRICT SCHOOLS and TO NON-PUBLIC SCHOOLS

Students residing in the District are eligible to receive transportation to schools located within the District in accordance with the following table of distances from home to school attended:

Grade Distance

K - 6                No minimum distance

7 - 12   1 mile from home to school

Distances are measured by the nearest available (shortest) route from home to school.

Students attending non-public schools located outside of the District are eligible to receive transportation under the same distances governing students attending schools within the District, provided the schools they attend are less than 15 miles from their home.

SCHOOL BUS SAFETY

The Superintendent, Building Principals, and the Transportation Office will cooperate with governmental agencies on matters of safety. The Transportation Office will establish and check loading and unloading procedures at each school and student conduct on buses. The Superintendent or designee will arrange for a minimum of three (3) bus drills on each school bus during the school year, with the first drill occurring within the first seven (7) days of school, the second drill occurring between November 1 and December 31, and the third drill occurring between                          March 1 and April 30, as required by law.

Students attending non-public schools who do not participate in the bus drills as required by the Regulations of the Commissioner will be provided with instruction on school bus safety.

The Board of Education recognizes the dangers inherent in alcohol and controlled substance use by employees especially those in safety-sensitive positions. To ensure the safety of its students and to comply with federal regulations, any company contracting with the District to provide transportation to District students is responsible for conducting alcohol and drug testing required under federal law and regulations.   

Allowing vehicles to idle (i.e., vehicle is stopped with the engine running) produces unnecessary exhaust gas which contains harmful chemicals and pollutants. In addition to negatively impacting the environment, these substances may cause cancer and other health problems, especially in children. The implementation of this policy is designed to reduce exposure to harmful vehicle exhaust emissions by eliminating the unnecessary idling of vehicles on school property, and applies to school buses and other school vehicles, as well as any passenger vehicles.

Any contract entered into by the District with private vendors for student transportation services will include a provision requiring compliance by the vendor with the state’s bus idling laws and regulations and this policy.

Drivers of all vehicles on any school campus must turn off the engine of their vehicle:

1. While waiting for passengers to load and unload on school grounds
2. When the vehicle is parked or standing on school grounds, or in front of or adjacent to any school, or
3. During sporting and other school events.

Idling may be permitted under the following conditions:

1. When necessary to maintain an appropriate temperature for passenger comfort (if auxiliary heaters are not available)
2. When necessary for mechanical work, or to keep the windshield clear of ice, or
3. When necessary during emergencies to operate a wheelchair lift or other special equipment for disabled students.

All operators of school buses and other school vehicles will ensure compliance with  all other requirements established in Education Law 3637 and Part 156.3(i) of the Commissioner’s Regulations. 

The District will provide annual notice of these requirements to all school personnel within five (5) school days after the start of the school year, or within (5) school days of beginning employment in the District.

Building Principals or designated school staff members should periodically monitor pick-up and drop-off times for compliance with those requirements.    

1. Food Service Management

The Board of Education (the “Board”) recognizes that the nutrition of the District’s students is an important factor in their education process, and that providing student access to nutritious meals each day, in a clean, safe enjoyable meal environment is an integral part of the total school program. 

The management of the food service program may be contracted to a service provided and will be under the direction of the Assistant Superintendent for Business and Operations. The program should be operated in strict compliance with the District’s Wellness Policy and in accordance with the requirements of the governing bid document, in the service of healthy and appealing foods and beverages, following state and federal nutrition guidelines.

2. Charging School Meals

The Board seeks to provide student access to nutritious meals each school day. However, the Board recognizes that on occasion, students may not have enough funds for a meal.

To ensure that students do not go hungry, the Board will allow students who do not have enough funds to “charge” the cost of meals to be paid back at a later date, subject to the terms in this policy.

To comply with State guidelines and maintain a system for accounting for charged meals, regarding both full and reduced-price meals, the District will:

1. Allow only regular reimbursable meals to be charged, excluding extras, à la carte items, side dishes, additional meals, and snacks. The charging of extras, à la carte items and snacks is expressly prohibited.

2. Use a computer-generated point of sale system, which identifies and records all meals as well as reflects repayments.

Charged meals must be counted and claimed for reimbursement on the day that the student charged (received) the meal, not the day the charge is paid back.  When charges are paid, these monies are not to be considered “à la carte” transactions, as a section on the daily cash report or deposit summary reads “charges paid.”

3. Students will not be denied a reimbursable meal, even if they have accrued a negative balance from other cafeteria purchases, unless the parent/guardian has provided written permission to the school to withhold a meal. No student with unpaid charges will be prohibited from purchasing food if they have money that day.

If the District school food authorities (SFAs) suspect that a student may be abusing this policy, written notice will be provided to the parent/guardian.

4. Students who cannot pay for a meal or who have unpaid meal debt will not be publicly identified or stigmatized (including wristbands or hand stamps), required to do chores or work to pay for meals, served an alternate meal different than what paying students receive, or have meals thrown away after they have been served. District staff will not discuss a student’s unpaid meal debt in front of other students. The District will not take any action directed at a student to collect unpaid school meal fees. However, the District may discreetly notify students of their account balances, and why certain items (e.g., à la carte, etc.) cannot be provided with charged meals. 

5. Allow challenges to purchases for five (5) days from the date of purchase. The decision to remove a purchase from an account is in the District’s sole discretion.

1. Student Account Balance Notification

The District’s point of sale payment system allows parents to register online for electronic access to a student’s lunch record, to monitor purchases, to make scheduled or one-time payments, to receive low balance alerts and to provide for automatic replenishment when a balance reaches a certain amount set by the parent/guardian. The District encourages parents/guardians to utilize this option.

Parents/guardians regularly will be discreetly notified of student account balances. The District will discreetly notify the parent/guardian of the low or negative account balance, and the process to refill the account, to fund future purchases, and to resubmit a Free & Reduced Meal application if their financial status has changed. This notification will continue regularly until the account is replenished.  Parents/guardians must repay all unpaid charges remaining at the end of the year or before their child leaves the District, whichever occurs first.

        The District will:

1. Discreetly notify parents/guardians of students with negative balances of at least five meals,
2. Determine if the student is directly certified to be eligible for free meals,
3. Attempt to reach the parent/guardian to assist them in the application process for free and/or reduced-price meals, and
4. Determine if there are other issues within the household causing the insufficient funds and offer appropriate assistance. 

If a parent/guardian regularly fails to provide meal money and does not qualify for free and/or reduced-price meals, the District may take other actions as appropriate, including notifying the local department of social services if neglect is suspected.

The District will notify all parents/guardians in writing on an annual basis at the start of the school year and to families transferring during the year, outlining the requirements of this policy. The policy will also be published in appropriate school and District publications. All staff involved in implementing and enforcing this policy will also be notified of these requirements and their responsibilities.  The District’s enrollment process will include the application process for free and reduced-price meals. If the District becomes aware that a student is so eligible, it will file an application for the student. Staff responsible for assisting foster, homeless and migrant students will coordinate with the food services staff to ensure such students receive free school meals.

2. Unpaid Meal Charges and Debt Collection

Unpaid meal charges are a financial burden to the District and taxpayers and can negatively affect the District’s meal program. Unpaid meal charges will be considered “delinquent” as per the District’s accounting practices.  The District will attempt to recover unpaid meal charges before the end of the school year but may continue efforts into the next school year or subsequent school years. The District will notify parents/guardians of unpaid meal charges at regular intervals and may engage in collection activities by District staff only. The District may not engage “debt collectors” as defined in federal law (15 USC §1692a), and may not charge fees or interest on any delinquent unpaid balances. The District will offer repayment plans, and may take other actions that do not result in harm or shame to the child, until unpaid charges are paid in full.

3. Remaining Account Balances

At the end of each school year, the District sends parents/guardians notifications of positive and negative balances, which includes instructions on requesting a refund form. Positive balances will be moved between sibling accounts in order to offset any negative balances in other sibling accounts. Any remaining funds will be carried over to the next school year and will move with each student as they move from grade to grade and within the District on to Middle School and High School. Parents/guardians may request that funds be refunded or transferred to other students (e.g., siblings, unpaid accounts). All such requests must be in writing. The balances of graduating or transferring students will be moved to a sibling. Parents/guardians of graduating or transferring students are responsible to pay negative balances, or to request a refund of a positive balance. Unclaimed funds remaining after six months will be absorbed by the school meal account.

4. Staff

Staff members may purchase food from the District’s food services.  However, all purchases must be paid for at the point of sale using cash or a pre-funded point of sale account. Staff members are not allowed to charge meals to be repaid later.  Prices for food purchased by staff members will adhere to the annual adult minimum selling prices established by the New York State Education Department’s Office of Child Nutrition Program Administration. 

Building Principals, working with the Director of Food Services, will ensure that all District and food service staff with responsibilities under this policy will be trained on the provisions of this policy and the requirements of Education Law section 908.

The Board of Education (the "Board") recognizes that the nutrition of District students is an important factor in their educational progress. Therefore, the Board will participate in the federally funded National School Lunch Program at its elementary schools, will offer an equivalent free and reduced breakfast and lunch program at its Secondary School, and will provide free and reduced-price meal services to qualified District students.

Availability, Application & Notification

To apply for the free and reduced-price meal program:

1. Each August preceding the upcoming school year, notice of the availability of the free and reduced-price meal programs will be sent to the homes of students who received such meal services in the prior school year, reminding parents/guardians of the annual requirement to apply for free and reduced meal services. 
2. In addition, during the first week of school each year, an Application for Free and Reduced Price Meals will be provided to each student in the District. Any child who is a member of a family unit whose income is below the federally established scale will be eligible to receive such services.
3. Application forms will be available in the main office of each school building and on the District web site, and can be completed and submitted at any time during the year.
4. Completed application forms must be submitted to the Building Principal of the school which the student attends or directly to the District Office, Attention: Food Service Verification, 200 Memorial Place, Manhasset, NY 11030, prior to any determination of eligibility.
5. The parent or guardian will be informed of the determination of eligibility within one week of receiving a properly completed application.

Applications will be kept confidential.

Free and reduced-price meal program benefits are only valid during the same school year the eligibility determination is made, and no more than thirty (30) operating days into the next school year. Parents or guardians who remain eligible for such benefits should re-apply at the beginning of each new school year.

Upon written request, the Assistant Superintendent for Business and Operations, or designee, will hear appeals of determinations regarding such services in compliance with federal regulations governing the National School Lunch Program.

The state provides information on eligible Medicaid recipients alongside the information on SNAP. Students in a household which is receiving Medicaid benefits, where the household income is at or below 133% of the federal poverty level for the family size, are eligible for direct certification for free and reduced price meal services.

In order to reach students who are categorically eligible for free and reduced-price meal services and to comply with state law, three (3) times per school year Food Service Verification will review the list made available by the State Education Department of children ages three to 18 who are in households receiving federal food assistance and/or Medicaid benefits (for certain recipients) alongside the information on SNAP to identify students within the District. The District will send a notice to those families apprising them of their student’s eligibility to participate in the school meal programs without further application. Parents may decline participation by informing the District in writing. If the service is declined, the student will be removed from the eligibility list.

The Board allows direct certification to participate in the District’s meal service programs to children other than those included in the paragraph above (who are required to be given that opportunity).  In accordance with federal regulations, foster, migrant, runaway, homeless and Head Start children can be “categorically” eligible for free meals (i.e., eligible by virtue of being designated in those status categories). 

Therefore, children who have been identified by District personnel to be homeless, migrant or runaway, or in foster care can be directly certified to participate in the District free and reduced price meal program. 

The Building Principal, in conjunction with the Food Service Director, will establish mealtime procedures that both protect the anonymity of the student and allow for proper accounting.

The Board of Education (the “Board”) recognizes that technology is a powerful and valuable education and research tool and is an important part of the instructional program. In addition, the District depends upon technology to administer and manage the District’s resources including, but not limited to, the compilation of data and recordkeeping for personnel and students, and for accounting and finance. It should be noted that for the purposes of this policy, that District technology resources include a myriad of devices, both physical and virtual, including, but not limited to, District servers, switches, access points, laptops, desktops, tablets, printers, scanners, and fax machines. The District further recognizes the need to ensure that the systems and databases of the District are adequately secured to protect such data from unauthorized access and use. The following policy outlines the Board’s expectations in regard to the District’s technology resources and the security of its systems.

The rules and regulations in this policy govern the use of the District's technology resources, access to the Internet, and management of electronic records.

1. Administration of Technology Resources and Data Management

The District Director of Instructional Technology (the “Director”) will act as the District Administrator to oversee the management, use and security of District informational and instructional technology resources. The Director will have primary supervisor responsibility over the District’s Information and Instructional Technology Services (“IT Services”). The Director, or designee, will:

1. Coordinate and oversee the computer network and the use of District computer resources.
2. Be responsible for the purchase and distribution of computer software/hardware throughout District’s schools, working in conjunction with the Building Principals and the Assistant Superintendent for Business and Operations.
3. Be the leader in understanding current and future technological resources available for integration into the District’s systems and the ramification of these resources to the District’s systems.
4. Be responsible, on an on-going basis, to assess, analyze and manage cyber-security and privacy risks to the District.
5. Prepare in-service programs to provide District staff with training and development of the skills needed to effectively and safely use the District’s technology and systems and to incorporate the necessary computer technology in instruction in subject areas and/or administrative duties, as the case may be.
6. Develop regulations to provide specific guidance and rules governing the use and security of the District’s computer network.
7. Ensure that the operation of District IT Services is in full compliance with District's policies, regulations and procedures, as well as and all federal, state and local laws, including without limitation, New York State Education Law and Regulations, privacy laws and practices, copyright and other intellectual property laws and regulations and other applicable laws, rules and regulations. 
8. Disseminate and manage email procedures and regulations, including the treatment of spam and use and access to the internet and other related issues.
9. Manage third-party contracts and agreements relating to IT Services.
10. Ensure the District maintains compliance with Education Law § 2-d and the related regulations issued by the Commissioner of Education. 
11. Assist the administration with conducting investigations into misuse of equipment or network resources or violations of the District’s Acceptable Use – Technology Policy 4526. 

The Superintendent is responsible for ensuring that the Director, in consultation with the District administration team, will prepare a comprehensive multi-year technology plan (the “Technology Plan”) which will set forth the technology needs of the District in all required areas for a reasonable period of time, but in no event less than three (3) years. The Technology Plan will include information about current and future plans and estimated costs associated with future purchases and upgrades. The Plan must be approved by the Board. 

2. Use and Security

The Superintendent, in consultation with the Director and the network administrator, will establish all rules and regulations governing the use and security of the District’s technology resources, including internet access and cloud-based services and platforms subscribed to by the District (the “Network”). The network administrator will monitor and examine all Network activities, as appropriate, to ensure proper use of the system.

1. The level of Network access and rights will determined by the Director. Access rights will be audited by the District’s internal auditor each school year. 
2. The Human Resources Department will submit requests for Network access and e-mail accounts by completing a new employee form or change of status routing form and forwarding it to IT Services.
3. When a user is no longer employed by the District, the Human Resources Department will initiate a termination routing form which will be routed to IT Services to notify them to terminate access for the individual that is no longer employed by the District. 
4. The security and integrity of the District Network is a vital concern of the Board; the District will make every reasonable effort to adequately secure and maintain the system including the use of data encryption where deemed necessary. The network administrator will take reasonable steps to protect the Network from viruses or other software that would comprise the Network.
5. A monthly report of administrative Network rights, account changes and dormant accounts, as well as antivirus verification will be reviewed by the network administrator and the Director. 
6. All users of the District’s Network and/or platforms subscribed to by the District will comply with this policy, as well as the District’s Acceptable Use Policy (AUP) Policy 4526. Failure to comply may result in counseling, disciplinary action, suspension and/or revocation of computer access privileges and/or legal action.
7. Users of the District’s Network must not expect, nor does the District guarantee, privacy when using the Network, for example, with respect to the content and use of electronic mail (e-mail), use of the internet, and stored data. The District reserves the right to access and view any material stored, prepared, produced or used in conjunction with the District’s Network.

3. Network Facilities

1. The installation or downloading of any software or the uploading of any data to unauthorized web-based servers by users is prohibited. Software may only be installed on District computers by IT staff under the supervision of the Director. The use of web-based services by any staff member must comply with NY State and Federal laws regarding data privacy (Parents’ Bill of Rights for Data Privacy & Security, COPPA, FERPA).
2. All users are reminded that, as stated in regulation 4526-R, authorized use of District equipment, hardware, software, supplies, Network resources, data storage resources and District licensed applications is for school-related purposes only, and only in accordance with District Policy. As such the storage of personal data (e.g., including but not limited to, video, photographs, music) on the Network is not allowed; if personal files or data are discovered on the Network, they will be deleted without any further notice or warning.
3. All routers, switches, servers, and communications appliances within the Network must have up-to-date anti-hacking and anti-virus software to protect the Network. Security inspection logs are to be verified on a monthly basis by the network administrator and will be made available to the Director for review. 
4. The main wiring closets for the Network will be secured at all times and access only to these areas will be given to the Director, members of the IT staff and the building head custodian. 
5. The financial systems of the District must be installed on a separate secure server/virtual server (“server”) on the Network. This server must be secured behind a firewall and must be separate from other storage areas, Network applications and management systems of the District. Access to the financial system is denied to all users except those given specific rights of access. Any unauthorized access to this secured area is a serious violation of District policy.

4. Management of Electronic Records

The Board recognizes that as District data is managed electronically, it is critical to exercise appropriate controls over access to electronic records, whether stored onsite on District servers or on remote servers in the “cloud”, including, but not limited to: (a) financial information, (b) personnel information, (c) student information, (d) academic and administrative subscription services, and (e) governmental reporting. The Director, in consultation with other District administrators, as appropriate, will establish procedures governing management of electronic records.

The procedures will address:

A. Passwords 

5. 1. Passwords will be changed at least twice a year through a process conducted by the IT Department, unless otherwise required to be on a more frequent basis (e.g., financial software). 
   2. If a user suspects that their password is compromised, then the user should change their password.
   3. Any user level password(s) for access will be changed by the user when a compromise is suspected or discovered; the IT Department is available to assist, if needed.
   4. Passwords are not to be shared under any circumstances. If access to a specific system is needed by a person other than the user assigned (i.e., a supervisor or temporary employee), the network administrator, or their designee, will permit access by the authorized third party. 

B.  Segregation of Duties

Access to electronic records will be based on the roles and responsibilities of the specific job function of the specific user.

1. An annual review of access rights will be performed by the Director or designee to ensure a strict policy of segregation of duties and assignment of rights and permissions appropriate for each user.
2. Specifically, with respect to authorization for individuals using financial systems to access the District’s financial information, access will be granted and managed as well as reviewed on an annual basis by the Business Manager. 
3. The Director will implement appropriate compensating controls when adequate segregation of duties is not practical or possible. 
4. When special needs arise, such as an extended absence by an employee designated for a specific job function in the financial system, temporary changes to authorizations may be requested. Approval for all changes in these authorizations must be in writing and signed by the Assistant Superintendent for Business and Operations.

C.  Third Party Vendor - Remote Access and Security

Remote access for purposes of updating the District’s systems or software may be granted to a third party vendor by the network administrator, who will provide multi-factor authentication (MFA) approval each time access is granted. 

Remote access logs must be reviewed monthly by the network administrator and the Director. Any unauthorized access will be reported immediately by the network administrator and all remote access will be terminated until permission to resume is granted.

D. Backup and Disaster Recovery

The network administrator will develop and implement procedures for data back-up and storage. These procedures will facilitate the disaster recovery plan and will comply with the requirements for records retention in compliance with the District’s policy on School District Records (1120).

1. An on-site, incremental backup of the District's systems data including, but not limited to financial data, will be performed on a daily basis (including archiving of e-mail). 
2. An off-site, incremental backup of critical systems will be performed on a daily basis.
3. Student management systems data will be hosted and backed up off-site by the respective third party vendors. 

As part of its three-year plan, IT Department must maintain a disaster recovery plan for the District, which is to be reviewed on an annual basis. 

6. Review and Dissemination

The Director will be responsible for disseminating and interpreting District policy and regulations governing use of the District's technology resources.

The Director will oversee employee training for proper use of the District’s technology resources. All students will receive age-appropriate training in the use of computer equipment and online platforms, in accordance with New York’s Computer Science & Digital Fluency standards for students. Such lessons include Internet Safety, Digital Citizenship, and Cybersecurity.

As technology is a rapidly changing area, it is important that this policy be reviewed periodically by the Board. The Acceptable Use – Technology policy 4526 will be disseminated annually to staff and students and will be included in the registration packets for new students.

The Board of Education (the “Board”) acknowledges the heightened concern regarding the rise in identity theft and the need for secure networks and prompt notification when security breaches occur. Thus, the Board adopts the National Institute for Standards and Technology Cybersecurity Framework Version 1.1 (NIST CSF) for data security and protection. The Data Protection Officer (“DPO”) is responsible for ensuring that the District’s systems follow NIST CSF and adopt technologies, safeguards and practices which align with it. This will include an assessment of the District’s current cybersecurity state, their target future cybersecurity state, opportunities for improvement, progress toward the target state, and communication about cybersecurity risk.

The Board will designate a DPO to be responsible for the implementation of the policies and procedures required in Education Law §2-d and its accompanying regulations, and to serve as the point of contact for data security and privacy in the District.

The Board directs the Superintendent, together with appropriate business and technology personnel, and the DPO (where applicable) to establish regulations which address:

• The protections of “personally identifiable information” or PPI of student and teachers/Building Principals under Education Law §2-d and Part 121 of the Commissioner of Education;
• The protections of “private information” under State Technology Law §208 and the NY SHIELD Act; and
• Procedures to notify persons affected by breaches or unauthorized access of protected information.

1. Student and Teacher/Building Principal “Personally Identifiable Information” under Education Law §2-d

1. General Provisions

PII as applied to student data is as defined in Family Educational Rights and Privacy Act (Policy 5500 – Student Records), which includes certain types of information that could identify a student, and is listed in Regulation 8635-R.  PII as applied to teacher and Building Principal data includes results of Annual Professional Performance Reviews that identify the individual teachers and Building Principals, which are confidential under Education Law §§3012-c and 3012-d, except where required to be disclosed under state law and regulations.

The DPO will make a determination whether the use and/or disclosure of PII by the District benefits students and the District (e.g., improve academic achievement, empower parents/guardians and students with information, and/or advance efficient and effective school operations). However, PII will not be included in public reports or other documents.

The District will protect the confidentiality of student and teacher/Building Principal PII while stored or transferred using industry standard safeguards and best practices, such as encryption, firewalls, and passwords.  The District will monitor its data systems, develop incident response plans, limit access to PII to District employees and third-party contractors who need such access to fulfill their professional responsibilities or contractual obligations, and destroy PII when it is no longer needed.

Certain federal laws and regulations provide additional rights regarding confidentiality of and access to student records, as well as permitted disclosures without consent, which are addressed in Policy 5500 and Regulation 5500-R - Student Records. However, any release of PII, even if it is directory information, must benefit the students and the District (improve academic achievement, empower parents/guardians and students with information, and/or advance efficient and effective school operations).

Under no circumstances will the District sell PII or disclose PII for any marketing or commercial purpose, facilitate its use or disclosure by any other party for any marketing or commercial purpose, or permit another party to do so.  Further, the District will take steps to minimize the collection, processing, and transmission of PII.

Except as required by law or in the case of enrollment data, the District will not report the following student data elements to the State Education Department:

1. Juvenile delinquency records;
2. Criminal records;
3. Medical and health records; and
4. Student biometric information.

The District has created and adopted a Parent’s Bill of Rights for Data Privacy and Security (see Exhibit 8635-E) which is published on the District’s website at www.manhassetschools.org and available from the District Clerk.

2. Third-party Contractors

The District will ensure that contracts with third-party contractors reflect that confidentiality of any student and/or teacher or Building Principal PII be maintained in accordance with federal and state law and the District's data security and privacy policy.

Each third-party contractor that will receive student data or teacher or Building Principal data must:

1. Adopt technologies, safeguards and practices that align with the NIST CSF.
2. Comply with the District’s data security and privacy policy and applicable laws impacting the District.
3. Limit internal access to PII to only those employees or sub-contractors that need access to provide the contracted services and have legitimate educational interests.
4. Not use the PII for any purpose not explicitly authorized in its contract.
5. Not disclose any PII to any other party without the prior written consent of the parent/guardian or eligible student (i.e., students who are eighteen (18) years old or older):

1. 1. 1. Except for authorized representatives of the third-party contractor to the extent they are carrying out the contract, or
      2. Unless required by statute or court order and the third-party contractor provides notice of disclosure to the Board no later than the time that the information is disclosed, unless providing notice is expressly prohibited by statute or court order.

6. Maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of PII in its custody.
7. Use encryption to protect PII while in motion or at rest in its custody; and
8. Not sell, use, or disclose PII for any marketing or commercial purpose, facilitate its use or disclosure by others for marketing or commercial purpose, or permit another party to do so.

Third party contractors may release PII to subcontractors engaged to perform the contractor’s obligations, but such subcontractors must abide by data protection obligations of state and federal law, and the contract with the District.

If the third-party contractor has a breach or unauthorized release of PII, it will promptly notify the District in the most expedient way possible without unreasonable delay, but no more than seven (7) calendar days after the breach’s discovery.

3. Third-party Contractors’ Data Security and Privacy Plan

The District will ensure that contracts with all third-party contractors include the third-party contractor’s data security and privacy plan. This plan must be accepted by the District.

At a minimum, each plan will:

1. Outline how all state, federal, and local data security and privacy contract requirements over the life of the contract will be met, consistent with this policy.
2. Specify the safeguards and practices it has in place to protect PII.
3. Demonstrate that it complies with the requirements of Section 121.3(c) of the Commissioner’s Regulations.
4. Specify how those who have access to student and/or teacher or Building Principal data receive or will receive training on the federal and state laws governing confidentiality of such data prior to receiving access.
5. Specify if the third-party contractor will utilize sub-contractors and how it will manage those relationships and contracts to ensure personally identifiable information is protected.
6. Specify how the third-party contractor will manage data security and privacy incidents that implicate personally identifiable information (PII) including specifying any plans to identify breaches and unauthorized disclosures, and to promptly notify the District.
7. Describe if, how and when, at the District’s discretion, data will be returned to the District, transitioned to a successor contractor, deleted or destroyed by the third-party contractor when the contract is terminated or expires.

         D.  Children’s Online Privacy Protection Act (COPPA)

To facilitate an efficient and effective educational environment, the District utilizes various software applications, including the Canvas Learning Management Systems (“LMS”), Google Apps for Education and other software and web-based services operated by third parties. For example, students receive a Google email account to participate in the Google Apps for Education program used by MUFSD. A list of the programs with the privacy policy for each can be found on the District’s website.

In order for the District’s students to use these programs and services, certain PII must be provided to the third party operator (e.g., the student’s school-provided Gmail address).

Under federal law entitled the Children’s Online Privacy Protection Act (COPPA), these websites must provide parental notification and obtain parental consent before collecting personal information from children under the age of thirteen (13). The law permits school districts to consent to the collection of personal information on behalf of all of its students, thereby eliminating the need for individual parental consent given directly to the third-party operator.

More information on COPPA may be found at https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions

          E.  Training

The District will provide annual training on data privacy and security awareness to all officers and employees who have access to student and teacher/Building Principal PII.

          F.  Reporting

Any breach of the District’s information storage or computerized data which compromises the security, confidentiality, or integrity of student or teacher/Building Principal PII maintained by the District will be promptly reported to the DPO, the Superintendent and the Board of Education. The DPO will, upon belief that such breach and unauthorized release constitutes criminal conduct, report such breach and

unauthorized release to law enforcement in the most expedient way

possible and without unreasonable delay.

          G.  Notifications

The DPO will report every discovery or report of a breach or unauthorized release of student, teacher or Building Principal PII to the State’s Chief Privacy Officer without unreasonable delay, but no more than ten (10) calendar days after such discovery.

The District will notify affected parents/guardians, eligible students, teachers and/or Building Principals in the most expedient way possible, using clear and concise language that is plain and easy to understand, and without unreasonable delay, but no more than sixty (60) calendar days following its investigation of a complaint or after the discovery of a breach or unauthorized release or third-party contractor notification.

However, if notification would interfere with an ongoing law enforcement investigation or cause further disclosure of PII by disclosing an unfixed security vulnerability, the District will notify parents/guardians, eligible students, teachers and/or Building Principals within seven (7) calendar days after the security vulnerability has been remedied, or the risk of interference with the law enforcement investigation ends.

The Superintendent, or their designee, in consultation with the DPO, will establish procedures to provide notification of a breach or unauthorized release of student, teacher or Building Principal PII, and establish and communicate to parents/guardians, eligible students, and District staff a process for filing complaints about breaches or unauthorized releases of student and teacher/Building Principal PII.

2. “Private Information” under State Technology Law §208

“Private information” is defined in State Technology Law §208, and includes certain types of information, outlined in the accompanying regulation, which would put an individual at risk for identity theft or permit access to private accounts. “Private information” does not include information that is  lawfully  made available to the public pursuant to federal,  state or local government records.

Any breach of the District’s information storage or computerized data which compromises the security, confidentiality, or integrity of “private information” maintained by the District must be promptly reported to the Superintendent and the Board.

The Board directs the Superintendent, in accordance with appropriate business and technology personnel, to establish regulations which:

• Identify and/or define the types of private information that is to be kept secure
• Include procedures to identify any breaches of security that result in the release of private information, and
• Include procedures to notify persons affected by the security breach as required by law.

III.       Employee “Personal Identifying Information” under Labor Law § 203-d

Pursuant to Labor Law §203-d, the District will not communicate employee “personal identifying information” to the public unless required by law.  Personal identifying information includes:

1. Social security number
2. Home address or telephone number
3. Personal email address
4. Internet identification name or password
5. Parent’s surname prior to marriage, and
6. Drivers’ license number.

In addition, the District will protect employee social security numbers in that such numbers will not be:

1. Publicly posted or displayed
2. Visibly printed on any ID badge, card, or timecard
3. Placed in files with unrestricted access, or
4. Used for occupational licensing purposes.

Employees with access to such information will be notified of these prohibitions and their obligations.

The Manhasset School District (the “District”), in recognition of the risk of identity theft and unwarranted invasion of privacy, affirms its commitment to safeguarding student personally identifiable information (PII) in educational records from unauthorized access or disclosure in accordance with State and Federal law. The District establishes the following Parental Bill of Rights:

1. Student PII will be collected and disclosed only as necessary to achieve educational purposes in accordance with State and Federal Law.
2. A student's personally identifiable information cannot be sold or released for any marketing or commercial purposes by the district or any a third-party contractor. The District will not sell student personally identifiable information and will not release it for marketing or commercial purposes, other than directory information released by the district in accordance with District policy.
3. Parents have the right to inspect and review the complete contents of their child's education record (for more information about how to exercise this right, see Regulation 5500-R – Student Records).
4. State and federal laws, such as NYS Education Law §2-d and the Family Educational Rights and Privacy Act, protect the confidentiality of students’ personally identifiable information. Safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
5. A complete list of all student data elements collected by the State Education Department is available for public review at http://www.nysed.gov/data-privacy-security or by writing to: Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234
6. Parents have the right to have complaints about possible breaches and unauthorized disclosures of student data addressed. Complaints should be directed to Manhasset Union Free School District, Attention: Data Protection Officer, 200 Memorial Place, Manhasset NY, 11030, 516-267-7533, DPO@manhassetschools.org. Complaints may also be filed directly  to the New York State Education Department online at http://www.nysed.gov/data-privacy-security, by mail to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234 or by email to privacy@mail.nysed.gov or by telephone at 518-474-0937.
7. Parents have the right to be notified in accordance with applicable laws and regulations if a breach or unauthorized release of their student’s PII occurs.
8. Parents can expect that educational agency workers who handle PII will receive annual training on applicable federal and state laws, regulations, educational agency’s policies and safeguards which will be in alignment with industry standards and best practices to protect PII.
9. In the event that the District engages a third-party provider to provide, deliver or facilitate student educational services, the contractor or subcontractors will be obligated to adhere to the District’s data security and privacy policy and with State and federal laws to safeguard student PII, as well as to this Bill of Rights and required supplemental information for each contract.
10. This Parents’ Bill of Rights will be included with every contract or other written agreement entered into by the District with a third-party contractor if the contractor will receive PII. The Bill of Rights will also be supplemented to include information about each contract or other written agreement that the District enters into with a third-party contractor receiving student data or teacher or principal data, including: the exclusive purpose(s) for which PII Data will be used; how the third-party contractor will ensure that the subcontractors or other authorized persons will abide by all applicable confidentiality,  data protection and security requirements in state and federal law; the duration and date of expiration of the contract and what happens to PII Data upon the expiration of the contract; if and how the accuracy of PII Data collected can be challenged; where the student data or teacher of principal data will be stored, described in such a manner as to protect data security and the security protections taken to ensure such data will be protected and data security and privacy risks mitigated; and how PII Data will be protected using encryption while in motion and at rest. 
11. Parents can request information about third party contractors by contacting Manhasset Union Free School District, Attention: Data Protection Officer, 200 Memorial Place, Manhasset, NY 11030,                516-267-7526, DPO@manhassetschools.org or can access the information on the District website www.manhassetschools.org.
12. This Parents’ Bill of Rights and supplemental information for any contract or other written agreement with third-party contractors will be posted on the District’s website at: www.manhassetschools.org.

8635-E-2         PARENT BILL OF RIGHTS FOR STUDENT DATA PRIVACY AND SECURITY - THIRD PARTY CONTRACTOR SUPPLEMENT

AGREEMENT REGARDING DATA SECURITY AND PRIVACY

Agreement dated as of (INSERT DATE) by and between the Manhasset Union Free School District (“District”) and _______________________  (“Contractor”).  

WHEREAS, the District has entered into a contract or other written agreement, as defined in Part 121 of the Commissioner’s Regulations, with Contractor for certain services or products, a copy of which is annexed hereto; and 

WHEREAS, Contractor is a third-party contractor as defined in Part 121 of the Commissioner’s Regulations, that will receive student data or teacher or principal data from the District pursuant to said contract or other written agreement for purposes of providing services to the District; and 

WHEREAS the parties agree that if any provision of this Agreement conflicts with a provision of said contract or other written agreement, the provision as set forth in this Agreement shall supersede and prevail over said other provision. 

NOW, THEREFORE, in consideration of the mutual covenants, conditions and agreements contained herein, and for other good and valuable consideration, including the above-referenced contract or other written agreement, the Contractor and the District hereby agree as follows: 

1. The Contractor shall comply with all District policies and state, federal, and local laws, regulations, rules, and requirements related to the confidentiality of records and data security and privacy, including the District’s Parents’ Bill of Rights and Supplemental Information, annexed hereto and incorporated herein as Attachment “A”. 
2. The Contractor may receive personally identifiable information from student records (“Education Records”) and/or personally identifiable information from annual professional performance reviews of classroom teachers or principals that is confidential and not subject to release pursuant to Education Law § 3012-c and 3012-d (collectively, “PII Data”). The Contractor will, therefore, comply with the following provisions to maintain the security and confidentiality of personally identifiable information:  

1. adopt technologies, safeguards and practices in alignment with the NIST Cybersecurity Framework.
2. comply with the District’s data security and privacy policy.
3. limit the Contractor’s internal access to Education Records to individuals with legitimate educational interests.
4. use PII Data only for the purposes explicitly authorized by this Agreement and not for any other purpose.
5. not disclose any personally identifiable information from PII Data to any other party without prior written consent, unless disclosure is required by statute or court order and written notice is given to the District (notice is not required if it is expressly prohibited by a statute or court order).  
6. maintain reasonable safeguards to maintain confidentiality of personally identifiable information in PII Data.
7. use legally mandated encryption technology^[1] to protect data from unauthorized disclosure while the data is in motion or in the contractor’s custody; and
8. not sell, use or disclose student, teacher or principal personally identifiable information for any marketing or commercial purpose.

3. The Contractor represents and warrants that its contract or written agreement with the District includes the Contractor’s data security and privacy plan that is acceptable to the District, a copy of which is attached hereto and incorporated herein as Attachment “B”. The Contractor’s data security and privacy plan shall, at a minimum: 

1. outline how the Contractor will implement State and federal data security and privacy contract requirements for the life of the contract and is consistent with the school district’s data security and privacy policy.
2. specify administrative, operational and technical safeguards the third-party contractor will use to protect personally identifiable information.
3. show that it complies with requirements of §121.3(c) of the Commissioner’s Regulations.
4. specify how the third-party contractor’s employees and any assignees with access to student data, or teacher or principal data receive or will receive training on relevant confidentiality laws, before receiving access to such data.
5. specify if the third-party contractor will use subcontractors and how it will ensure personally identifiable information is protected.
6. specify an action plan for handling any breach or unauthorized disclosure of personally identifiable information and promptly notify the school district of any breach or unauthorized disclosure; and
7. describe whether, how and when data will be returned, transitioned to a successor contractor, deleted or destroyed when the contract ends or is terminated.

4. The Contractor must notify the District of any breach of security resulting in an unauthorized release of personally identifiable information from PII Data by the Contractor or the Contractor’s officers, employee’s, assignees or subcontractors. This notification must be made in the most expedient way possible and without delay. In addition, the Contractor must notify the District of the breach of security in writing. This written notification must be sent by the Contractor in the most expedient way possible and without unreasonable delay, and not later than seven (7) calendar days after discovery of the breach of security resulting in an unauthorized release of personally identifiable information from PII Data, to the designated District representative and either personally delivered or sent by nationally recognized overnight carrier to the District. In the case of an unauthorized release of personally identifiable information from PII Data by the Contractor or the Contractor’s officers, employees, assignees or subcontractors, the Contractor must reimburse the District for all the District’s costs associated with the District’s obligation to notify the State’s chief privacy officer, parents, students, teachers and/or principals of the unauthorized release. 

IN WITNESS WHEREOF, the parties hereto have set their respective hands and seals as of the date and year first above written.

DISTRICT                                                               CONTRACTOR

By:     _____________________                  By: _________________________

Date: ____________________                     Date: _______________________

CLICK HERE FOR 8635E3

This regulation addresses information and data privacy, security, breach and notification requirements for student and teacher/Building Principal personally identifiable information under Education Law §2-d, as well as private information under State Technology Law §208.

The District will inventory its computer programs and electronic files on a regular basis to determine the types of information that is maintained or used by the District and review the safeguards in effect to secure and protect that information.

I.          Student and Teacher/Building Principal “Personally Identifiable Information” (PII) under Education Law §2-d

1. Definitions

“Biometric record,” as applied to student PII, means one or more measurable biological or behavioral characteristics that can be used for automated recognition of person, which includes fingerprints, retina and iris patterns, voiceprints, DNA sequence, facial characteristics, and handwriting.

“Breach” means the unauthorized acquisition, access, use, or disclosure of student PII and/or teacher or Building Principal PII by or to a person not authorized to acquire, access, use, or receive the student and/or teacher or Building Principal PII.

“Disclose” or Disclosure mean to permit access to, or the release, transfer, or other communication of PII by any means, including oral, written, or electronic, whether intended or unintended.

“Personally Identifiable Information” (PII) as applied to students means personally identifiable information as defined in 34 CFR 99.3, which includes:

1. The student’s name
2. The name of the student’s parent/guardian or other family members
3. The address and email address of the student or student’s family
4. A personal identifier, such as the student’s social security number, student number, or biometric record
5. Other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name
6. Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty, or
7. Information requested by a person who the District reasonably believes knows the identity of the student to whom the education record relates.

“Personally Identifiable Information” (PII) as applied to teachers and Building Principals means results of Annual Professional Performance Reviews that identify the individual teachers and Building Principals, which are confidential under Education Law §§3012-c and 3012-d, except where required to be disclosed under state law and regulations.

“Third-Party Contractor” means any person or entity, other than an educational agency (i.e., a school, school District, BOCES or State Education Department), that receives student or teacher/Building Principal PII from the educational agency pursuant to a contract or other written agreement for purposes of providing services to such educational agency, including but not limited to data management or storage services, conducting studies for or on behalf of the District , or audit or evaluation of publicly funded programs. This includes an educational partnership organization that and receives student and/or teacher/Building Principal PII from a school District to carry out its responsibilities pursuant to Education Law §211-e (for persistently lowest-achieving schools or schools under registration review) and is not an educational agency. This also includes a not-for-profit corporation or other nonprofit organization, other than an educational agency.

2. Complaints of Breaches or Unauthorized Releases of PII

If a parent/guardian, eligible student, teacher, Building Principal or other District employee believes or has evidence that PII has been breached or released without authorization, they must submit this complaint in writing to the District. Complaints may be received by the Data Protection Officer, but may also be received by any District employee, who must immediately notify the Data Protection Officer. The Improper Data Disclosure Complaint Form can be used for the purpose of reporting. This complaint process and form will be communicated to parents, eligible students, teachers, Building Principals, and other District employees and will be posted on the District website. The District will acknowledge receipt of complaints promptly, commence an investigation, and take the necessary precautions to protect personally identifiable information.

Following its investigation of the complaint, the District will provide its findings within sixty (60) calendar days from the receipt of the complaint. If the District requires additional time, or if the findings may compromise security or impede a law enforcement investigation, the District will provide the complainant with a written explanation that includes the approximate date when the District will respond to the complaint.

The District will maintain a record of all complaints of breaches or unauthorized releases of student data and their disposition in accordance with applicable data retention policies, including the Records Retention and Disposition Schedule ED-1.

3. Notification of Student and Teacher/Building Principal PII Breaches

If a third-party contractor has a breach or unauthorized release of PII, it will promptly notify the Data Protection Officer (“DPO”) in the most expedient way possible, without unreasonable delay, but no more than seven (7) calendar days after the breach’s discovery.

The DPO will then notify the State Chief Privacy Officer of the breach or unauthorized release no more than ten (10) calendar days after it receives the third-party contractor’s notification using a form or format prescribed by the State Education Department.

The DPO will report every discovery or report of a breach or unauthorized release of student, teacher, or Building Principal data to the Chief Privacy Officer without unreasonable delay, but no more than ten (10) calendar days after such discovery.

The District will notify affected parents, eligible students, teachers and/or Building Principals in the most expedient way possible and without unreasonable delay, but no more than sixty (60) calendar days after the discovery of a breach or unauthorized release or third-party contractor notification.

However, if notification would interfere with an ongoing law enforcement investigation or cause further disclosure of PII by disclosing an unfixed security vulnerability, the District will notify parents, eligible students, teachers and/or Building Principals within seven calendar days after the security vulnerability has been remedied or the risk of interference with the law enforcement investigation ends.

Notifications will be clear, concise, use language that is plain and easy to understand, and to the extent available, include:

• A brief description of the breach or unauthorized release
• The dates of the incident and the date of discovery, if known
• A description of the types of PII affected
• An estimate of the number of records affected
• A brief description of the District’s investigation or plan to investigate, and
• Contact information for representatives who can assist parents or eligible students with additional questions.

Notification must be directly provided to the affected parent, eligible student, teacher, or Building Principal by first-class mail to their last known address, by email. or by telephone.

Where a breach or unauthorized release is attributed to a third-party contractor, the third-party contractor will pay for or promptly reimburse the District for the full cost of such notification.

The unauthorized acquisition of student social security numbers, student ID numbers, or biometric records, when in combination with personal information such as names or other identifiers, may also constitute a breach under State Technology Law §208 if the information is not encrypted, and the acquisition compromises the security, confidentiality, or integrity of personal information maintained by the District.  In that event, the District is not required to notify affected people twice but must follow the procedures to notify state agencies under State Technology Law §208 outlined in section II of this regulation.

II.        “Private Information” under State Technology Law §208

1. Definitions

                        “Private information” means either:

1. Personal information consisting of any information in combination with any one or more of the following data elements, when either the data element or the personal information plus the data element is not encrypted or encrypted with an encryption key that has also been accessed or acquired:

• Social security number
• Driver’s license number or non-driver identification card number
• Account number, credit, or debit card number, in combination with any required security code, access code, password or other information which would permit access to an individual’s financial account
• Account number or credit or debit card number, if that number could be used to access a person’s financial account without other information such as a password or code
• Biometric information (data generated by electronic measurements of a person’s unique physical characteristics, such as fingerprint, voice print, or retina or iris image) used to authenticate or ascertain a person’s identity, or

2.  A username or email address, along with a password, or security question and answer, that would permit access to an online account.

“Private information” does not include information that can lawfully be made available to the public pursuant to federal or state law or regulation.

“Breach of the security of the system” means unauthorized acquisition or acquisition without valid authorization of physical or computerized data which compromises the security, confidentiality, or integrity of personal information maintained by the District. Good faith acquisition of personal information by an officer or employee or agent of the District for the purposes of the District is not a breach of the security of the system, provided that the private information is not used or subject to unauthorized disclosure.

2. Procedure for Identifying Security Breaches

In determining whether information has been acquired, or is reasonably believed to have been acquired, by an unauthorized person or a person without valid authorization, the District will consider:

1. Indications that the information is in the physical possession and control of an unauthorized person, such as removal of lost or stolen computer, or another device containing information.
2. Indications that the information has been downloaded or copied.
3. Indications that the information was used by an unauthorized person, such as fraudulent accounts opened, or instances of identity theft reported; and/or
4. Any other factors which the District will deem appropriate and relevant to such determination.

3. Notification of Breaches to Affected Persons

Once it has been determined that a security breach has occurred, the District will take the following steps:

1. If the breach involved computerized data owned or licensed by the District, the District will notify those New York State residents whose private information was, or is reasonably believed to have been accessed or acquired by a person without valid authorization. The disclosure to affected individuals will be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, or any measures necessary to determine the scope of the breach and to restore the integrity of the system. The District will consult with the New York State Office of Information Technology Services to determine the scope of the breach and restoration measures.
2. If the breach involved computer data maintained by the District, the District will notify the owner or licensee of the information of the breach immediately following discovery, if the private information was or is reasonably believed to have been accessed or acquired by a person without valid authorization.

The required notice will include: (a) District contact information; (b) a description of the categories information that were or are reasonably believed to have been accessed or acquired without authorization; (c) which specific elements of personal or private information were or are reasonably believed to have been acquired; and (d) the telephone number and website of relevant state and federal agencies that provide information on security breach response and identity theft protection and prevention. This notice will be directly provided to the affected individuals by either:

1. Written notice
2. Electronic notice, provided that the person to whom notice is required has expressly consented to receiving the notice in electronic form, and that the District keeps a log of each such electronic notification. In no case, however, will the District require a person to consent to accepting such notice in electronic form as a condition of establishing a business relationship or engaging in any transaction.
3. Telephone notification, provided that the District keeps a log of each such telephone notification.

However, if the District can demonstrate to the State Attorney General that (a) the cost of providing notice would exceed $250,000; or (b) that the number of persons to be notified exceeds 500,000; or (c) that the District does not have sufficient contact information, substitute notice may be provided. Substitute notice would consist of all the following steps:

1. E-mail notice when the District has such address for the affected individual;
2. Conspicuous posting on the District’s website if they maintain one; and
3. Notification to major media.

However, the District is not required to notify individuals if the breach was inadvertently made by individuals authorized to access the information, and the District reasonably determines the breach will not result in misuse of the information, or financial or emotional harm to the affected persons. The District will document its determination in writing and maintain it for at least five (5) years and will send it to the State Attorney General within ten (10) days of making the determination.

Additionally, if the District has already notified affected persons under any other federal or state laws or regulations regarding data breaches, including the federal Health Insurance Portability and Accountability Act, the federal Health Information Technology for Economic and Clinical Health (HI TECH) Act, or New York State Education Law §2-d, it is not required to notify them again. Notification to state and other agencies is still required.

4. Notification to State Agencies and Other Entities

Once notice has been made to affected New York State residents,          the District shall notify the State Attorney General, the State Department of State, NYS Department of Education, and the State Office of Information Technology Services as to the timing, content, and distribution of the notices and approximate number of                                   affected persons. The NYSED Data Incident Reporting Form                            may be found in Exhibit 8635-E-3, or at http://www.nysed.gov/common/nysed/files/programs/data-privacy-security/nysed-cpo-data-incident-reporting-form.pdf

If more than 5,000 New York State residents are to be notified at one time, the District will also notify consumer reporting agencies as to the timing, content and distribution of the notices and the approximate number of affected individuals.  A list of consumer reporting agencies will be furnished, upon request, by the Office of the State Attorney General.

If the District is required to notify the U.S. Secretary of Health and Human Services of a breach of unsecured protected health information under the federal Health Insurance Portability and Accountability Act (HIPAA) or the federal Health Information Technology for Economic and Clinical Health (HI TECH) Act, it will also notify the State Attorney General within five (5) business days of notifying the Secretary.