EDUCATION LAW §2-D BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY
8635-E1 APPENDIX “A”

The South Orangetown Central School District is committed to protecting the privacy and security of student data and classroom teacher and building principal data. In accordance with New York Education Law §2-d and its implementing regulations, the District hereby informs the school community of the following:

1. A student’s personally identifiable (“PII”) information, as defined byEducation Law § 2-d and the Family Educational Rights and Privacy Act (“FERPA”) cannot be sold or released for any commercial or marketing purpose. See 34 CFR § 99.3 for a complete definition of what constitutes PII under Education Law Section § 2-d.
2. Parents (including legal guardians or personal in parental relationships) have the right to inspect and review the complete contents of their child’s education record. Further,Eligible Students (students who have reached 18 years of age or older) have the right to review the complete contents of their education records stored or maintained by the educational agency.
3. State and federal laws and their implementing regulations (such as Education Law § 2-d, with regulations at 8 NYCRRPart 121, FERPA at 12 U.S.C.1232g with regulations at 33CFR Part 99 and the Individuals with Disabilities Education Act [“IDEA”] at 20 U.S.C.1400 et seq., with regulations at 34 CFR Part 300) protect the confidentiality of personally identifiable information.
4. Safeguards associated with industry standards and best practices, including but not limited to encryption,
   firewalls, and password protection, must be in place when PII is stored or transferred.
5. A complete list of all student data elements collected by the New YorkState Education Department is available at the following website: www.nysed.gov/data-privacy-security, or by writing to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, New York 12234.
6. Complaints by parents, eligible students, classroom teachers, building principals or other staff of the educational agency about possible breaches or improper disclosures of PII shall be addressed through the submission of written complaints. Complaints should be directed in writing by completing the form linked here: Improper Disclosure of Data or Breach Incident Form which will be forwarded to dataprivacy@socsd.org, the Data Privacy Officer. In addition, complaints may be directed to the Chief Privacy Officer of the New York State Education Department, by mail at 89 WashingtonAvenue, Albany, New York 12234; by email to privacy@nysed.gov; or by telephone at 518-474-0937.
7. Parents, eligible students, classroom teachers and building principals have the right to be notified in accordance with applicable laws and regulations if a breach or unauthorized release of PII occurs.
8. School District employees and officers who have access to PII shall annually receive data privacy and security awareness training. Such training shall include training on state and federal laws that protect PII and how to comply with such laws, as well as applicable policies, and safeguards associated with industry standards and best practices.
9. School District contracts with third-party contractors that receive PII will address statutory and regulatory data privacy and security requirements.

Supplemental Information for Third-Party Contracts

Information for Vendors

Information for Parents