Data Security and Privacy

The Downsville Central School District is committed to protecting the privacy and security of each and every student’s data. Parents should be aware of the following rights they have concerning their child’s data.

Definition

“Protected Data” means personally identifiable data of students from student education records as defined by the Family Educational Rights and Privacy Act (FERPA), as well as teacher and Principal data regarding annual professional performance reviews made confidential under New York Education Law §3012-c and §3012-d.

Requirements

  1. Publication: This policy shall be published on the District's website and notice of the policy provided to all officers and employees of the District.

  2. The District shall provide the data protection, as well as the protection of parent and eligible student's right sand rights to challenge the accuracy of such data required by FERPA (20 USC §1232g), IDEA (20 USC §1400 et. Seq.) and any implementing regulations.

  3. The District hereby adopts the National Institute for Standards and Technology (NIST) Cybersecurity Framework (CSF) in accordance with the Commissioner's Regulations.

  4. Every contract or other written agreement with a third-party contractor under which the third-party contractor will receive protected student data or teacher or principal data shall include a data security and privacy plan that outlines how all state, federal, and local data security and privacy contract requirements will be implemented over the life of the contract, consistent with this policy.

  5. Nothing contained in this policy or the District's Data Security and Privacy Plan shall be construed as creating a private right of action against the District.

  6. Every use and disclosure of personally identifiable information, as defined by FERPA, shall be for the benefit of students and the educational agency. Examples of such benefit are provided in implementing regulations.

  7. The District shall not sell or disclose for marketing or commercial purposes any Protected Data, or facilitate its use of disclosure by any other party for any marketing or commercial purpose, or permit another party to do so.

  8. The District shall take steps to minimize its collection, process, and transmission of Protected Data.

  9. Except as required by law, or in the case of enrollment data, the District shall not report to NYSED Juvenile Delinquency records, criminal records, medical health records, or student biometric information.

  10. All contracts with vendors that have access to Protected Data shall comply with NIST Cybersecurity Framework.

Education Law 2-d | 8 NYCRR Part 121 | Adopted 09/28/2020

Bill of Rights for Data Privacy and Security (Parents' Bill of Rights)
(nysed.gov)

Education Law § 2-d requires each educational agency in the State of New York to develop a Parents’ Bill of Rights for Data Privacy and Security and publish it on its website. 

The purpose of the Parents’ Bill of Rights is to provide information to parents (which also include legal guardians or persons in parental relation to a student, but generally not the parents of a student who is age eighteen or over) and eligible students about certain legal requirements that protect personally identifiable information pursuant to state and federal laws.   

DCSD Bill of Rights for Data Privacy and Security (Parents' Bill of Rights) can be viewed and downloaded using the link below.

Parents' Bill of Right for Data Privacy and Security

Supplemental Information for NYSED Contracts
(nysed.gov)

Education Law 2-d requires each educational agency to post the Bill of Rights for Data Privacy and Security (Parents' Bill of Rights) and Supplemental Information for each contract where a third party contractor receives student data and/or teacher or principal data from DCSD.

A list of contracts to which this applies is available by clicking the title link below.

DCS Supplemental Information

Click links below to review some relatable policy's from our DCSD Board Policy Manual:
Policy 5000 - Student Records -DCSD FERPA
Policy 5100 - Protection of Pupil Rights
Policy 1400 - Internet Protection
Policy 1450 - Data Security and Privacy Policy
Policy 1425 - Data Privacy Breach

Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to Privacy Complaint, Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, New York 12234. Complaints may also be submitted using the form available at the following website http://www.nysed.gov/student-dataprivacy/form/report-improper-disclosure.