Skip to content

Parents Bill of Rights For Data Privacy and Security

The Fort Plain CSD is committed to ensuring student privacy in accordance with local, state and federal regulations and district policies.

To this end, and U.S. Department of Education regulations (Education Law, Education Law §2-d), the district is providing the following Parents’ Bill of Rights for Data Privacy and Security. This includes information about every contract a school district enters into with a third party contractor where the third party contractor receives student data or teacher or principal data.

Parents’ Bill of Rights for Data Privacy and Security

  • A student’s personally identifiable information cannot be sold or released for any commercial or marketing purposes.
  • Parents/guardians have the right to inspect and review the complete contents of their child’s education record, including any student data maintained by the Fort Plain CSD.
  • State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices – including but not limited to, encryption, firewalls and password protection – must be in place when data is stored or transferred.
  • A complete list of all student data elements collected by the state is available for public review in an Excel file at http://www.p12.nysed.gov/irs/sirs/ (NYSED Data Elements List).
  • Parents/guardians may also obtain a copy of this list by writing to the Office of Information and Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, New York 12234.
  • Parents have the right to be notified in accordance with applicable laws and regulations if a breach or unauthorized release of their student’s PII occurs.
  • Educational agency workers that handle PII will receive training on applicable state and federal laws, the educational agency’s policies, and safeguards associated with industry standards and best practices that protect PII.
  • Education agency contracts with vendors that receive PII address statutory and regulatory data privacy and security requirements. Such supplemental information shall be developed by the educational agency and shall include:
    • the exclusive purposes for which the student data or teacher or principal data will be used;
    • how the third party contractor will ensure that the subcontractors, persons or entities that the third party contractor will share the student data or teacher or principal data with, if any, will abide by data protection and security requirements;
    • when the agreement expires and what happens to the student data or teacher or principal data upon expiration of the agreement;
    • if and how a parent, student, eligible student, teacher or principal may challenge the accuracy of the student data or teacher or principal data that is collected; and
    • where the student data or teacher or principal data will be stored (described in such a manner as to protect data security), and the security protections taken to ensure such data will be protected, including whether such data will be encrypted.

The chief privacy officer, to be appointed by the Education Commissioner, with input from parents and other education and expert stakeholders, may develop additional elements of the parents bill of rights for data privacy and security.

In addition, the Commissioner is required to promulgate regulations for a comment period whereby parents and other members of the public may submit comments and suggestions to the chief privacy officer to be considered for inclusion.