Data Privacy and Security

New York State Education Law gives parents, guardians, students and staff the right to information about how the district safeguards student and staff data.

Parents’ Bill of Rights for Data Privacy and Security

  1. A student’s personally identifiable information (PII) cannot be sold or released for any commercial or marketing purposes. PII includes direct identifiers such as a student’s name or identification number, parent’s name, or address; and indirect identifiers such as a student’s date of birth, which when linked to or combined with other information can be used to distinguish or trace a student’s identity. 
  2. In accordance with FERPA and Section 2-D of the New York State Education Law, parents have the right to inspect and review the complete contents of their child’s education record;
  3. State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls and password protection, must be in place when data is stored or transferred;
  4. Safeguards associated with industry standards and best practices including but not limited to encryption, firewalls and password protection must be in place when student PII is stored or transferred.
  5. A complete list of all student data elements collected by the State is available for public review at http://www.p12.nysed.gov/irs/sirs/ or by writing to the Chief Privacy Officer, New York State Education Department (SED), 89 Washington Avenue, Albany NY 12234, email to CPO@mail.nysed.gov.
  6. To be notified in accordance with applicable laws and regulations if a breach or unauthorized release of PII occurs.
  7. District employees that handle PII will receive training on applicable state and federal laws, policies, and safeguards associated with industry standards and best practices that protect PII.
  8. District contracts with vendors that receive PII will address statutory and regulatory data privacy and security requirements.

Submitting a complaint

Parents have the right to submit complaints about possible breaches of student data. Any such complaint must be submitted, in writing, to: Jeff Rivenburg, Business Official / Chief Information Officer, Duanesburg Central School District, 133 School Drive, Delanson, NY 12053; (518) 895-3000, ext. 321; email jrivenburg@duanesburg.org.

The State complaint process is under development and will be established through regulations to be proposed by NYSED’s Chief Privacy Officer, who has not yet been appointed. 

Additional student data privacy information

The Parents’ Bill of Rights for Data Privacy and Security is subject to change based on regulations of the commissioner of education and the SED chief privacy officer, as well as emerging guidance documents from SED. For example, these changes/additions will include requirements for districts to share information about third-party contractors that have access to student data, including:

  • How the student, teacher or principal data will be used
  • How the third-party contractors (and any subcontractors/others with access to the data) will abide by data protection and security requirements
  • What will happen to data when agreements with third-party contractors expire
  • If and how parents, eligible students, teachers or principals may challenge the accuracy of data that is collected
  • Where data will be stored to ensure security and the security precautions taken to ensure the data is protected, including whether the data will be encrypted.