Data Privacy and Security
Lauren Maguire
Director of Technology and Innovation and Data Privacy Officer
maguirel@gcufsd.net
What is NYS Education Law § 2-d?
Education Law § 2-d protects student personally identifiable information (PII) from unauthorized disclosure.
Additionally, Education Law § 2-d provides parents with rights regarding their child's PII.
The Board of Regents adopted Part 121 of the Regulations of the Commissioner of Education on January 13, 2020. These rules will implement Education Law Section 2-d and provide guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and annual professional performance review data. The regulation went through multiple sets of revisions and three rounds of public comments and will go into effect January 29, 2020. It will apply to both charter and traditional public schools. We thank the members of the Data Privacy Advisory Council, implementation planning and drafting workgroups that supported the Department’s Chief Privacy Officer, Temitope Akinyemi, through this process
Federal Laws that Protect Students
Family Educational Rights and Privacy Act (FERPA) – The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
Protection of Pupil Rights Amendment (PPRA) – PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.
Children's Online Privacy Protection Rule (COPPA) – COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
Source: NYSED.gov