South Orangetown Central School District

Last week, Director of Technology George Brady delivered a presentation to the Finance Advisory Council and Audit Committee on the District’s efforts to safeguard data privacy and security. The Council and Committee are composed of Board of Education members and community members with industry expertise.

“We’re working proactively to mitigate risks and avoid vulnerabilities that could compromise and disrupt operations,” said Executive Director of Finance and Management Services Alicia Koster, noting that the Council and Committee work collaboratively with administrators on audits and the testing, review and implementation of action plans.

Over the past several years, the District has invested in bolstering the security of its network and data. “The networking infrastructure was rebuilt with security in mind,” explained Brady. “All user accounts, access and rights have been reviewed and the level of student and district staff access has been tightened. Data management has been migrated to cloud-based services, which are more secure than in-house IT (information technology), and we’ve enhanced training for our staff. Obviously, these are just a few examples of a much broader strategy we have in place.”

The district has also participated in internal and New York State Comptroller Audits and, last spring, engaged a third-party organization to conduct a comprehensive assessment of its network and wireless infrastructures, external access to the district, internal network security, server and workstation security and backend management processes.

“Regretfully, the educational technology landscape has changed for K-12 public schools,” said Brady. “With the increase in cyber-attacks directed at education, public school districts must be hypervigilant regarding the security of district data. We are pleased to report that our external technology auditor found the general state of our network to be ‘very good’ and ‘well thought-out, well-documented and well-maintained.’ This is evidence of the hard work our technology team does to protect our district’s data and systems.”

Brady also discussed state and federal legislation pertaining to school district management of data, including New York State Education Law Section §2-d, the Family Educational Rights and Privacy Act (FERPA), Protection of Pupil Rights Amendment (PPRA) and Children’s Online Privacy Protection Act (COPPA). Education Law 2-d requires school districts to adopt and publish a Data Security and Privacy Policy aligned with the National Institute for Standards and Technology Cybersecurity Framework online by July 1, 2020 and appoint a Data Protection Officer to oversee data security and privacy. Although regulatory compliance and proactive efforts to safeguard systems is critical, it is also labor- and resource-intensive. No additional state or federal funding has been set aside for this purpose, leaving school districts to shoulder the financial burden on their own.

Students are also part of the conversation. Safe and responsible use of technology is a recurring theme in the District’s technology education program, starting in kindergarten. Families are encouraged to learn more about data privacy and security by exploring the following resources:


Committee members at conference table with Director of Technology speaking