Print View

Education Law 2D Compliance Information

 

Data Protection Officer and Director of Technology

  • Sarah Graham - sgraham@clake.org  716-753-5870
  • Taylor Meleen - tmeleen@clake.org  716-753-5820

Data Privacy and Security Policy 

In January 2020, the NYSED Board of Regents adopted Part 121 of the Commissioner's Regulations for the Strengthening of Data Privacy & Security in NYS Educational Agencies to Protect Personally Identifiable Information (PII) pursuant to Education Law sections 2-d, 101, 207, and 305.  The district policies were adopted on  May 14, 2020.

The Chautauqua Lake CSD policies details specific privacy protections that ensure:

  • Every use and disclosure of personally identifiable information (PII) by Chautauqua Lake CSD shall benefit students and the Chautauqua Lake CSD, such as improve academic achievement; advance efficient and effective school operations; empower families and students with information.
  • Personally identifiable information (PII) shall not be included in public reports or documents;
  • Parents, legal guardians, and eligible students (students who are age 18 or older) are afforded all the protections, where applicable, under the Family Education Rights Privacy Act (FERPA) and the Individuals with Disabilities Act (IDEA) and the federal regulations for implementing those statutes;
  • Alignment with the National Institute for Standards & Technology (NIST) Cybersecurity Framework.
  • Annual training and notification for employees that handle student, teacher and/or principal PII.
  • Publication of the Chautauqua Lake CSD data security and privacy policy on its website for its community of stakeholder.

BOE Policy 5676 - Privacy and Security for Student Data and Teacher and Principal Data

BOE Policy 5672 - Information Security Unauthorized release of Data and Notification

 

Parents' Bill of Rights for Data Privacy and Security

The purpose of the Parents’ Bill of Rights is to inform parents (which also include legal guardians or persons in parental relation to a student, but generally not the parents of a student who is age eighteen or over) of the legal requirements regarding privacy, security and use of student data. In addition to the federal Family Educational Rights and Privacy Act (FERPA), Education Law §2-d provides important new protections for student data, and new remedies for breaches of the responsibility to maintain the security and confidentiality of such data.  Parent Bill of Rights for Data Privacy and Security is linked at the bottom of this page.

 

Vendor Contracts to Protect Student and Staff PII (personally identifiable information)

We are compiling the following information about each agreement between Chautauqua Lake Central School District and an outside party that receives protected student data, or protected principal or teacher data, from the district:

  1. the exclusive purposes for which the data will be used,
  2. how the contractor will ensure that any subcontractors it uses will abide by data protection and security requirements,
  3. when the contract expires and what happens to the data at that time,
  4. if and how an affected party can challenge the accuracy of the data,
  5. where the data will be stored, and
  6. the security protections taken to ensure the data will be protected, including whether the data will be encrypted.

The link below will take you to that information for the listed agreements.  We will be updating this list as new systems come and go from the school district.  Most of our system are purchased through Erie 1 or Erie 2 BOCES and are subsequently covered under those organizations agreement with the vendor.  Any systems that we do NOT purchase through BOCES requires a separate contract between the vendor and the school district.

BOCES and Third Party Vendor Ed Law 2D Contracts

 

Inventory of Student Data Collected by the New York State Education Department 

As required by New York State Education law Section 2-d,  NYSED publishes a list of the data elements that it collects from NYS school districts and the purpose of the data collection. 

NYSED Inventory List of Student Data Collected

 

Complaint Procedures for Unauthorized Data Disclosure / Data Breach 

Parents, legal guardians, eligible students (students who are at least 18 years of age or attending a post-secondary institution at any age), principals, teachers, and employees of an educational agency may file a complaint about a possible data breach or improper disclosure of student data and/or protected teacher or principal data. 

  • To submit a complaint, please click the form link:  Un-Authorized Release / Data Security Incident Reporting Form 
  • Completed forms will be sent to the district Data Protection Officer, Ms. Sarah Graham
  • Ms. Graham, or assigned designee, will contact the complainant by phone or email to review the complaint, and initiate an investigation.
  • Investigations will be completed and finalized in a reasonable amount of time, typically, within 60 calendar days from the receipt of the complaint. In the event the investigation needs to extend beyond 60 days, due to extenuating circumstances, the complainant will be contacted to inform them of the delay and the expected timeline for completion.
  • Chautauqua Lake CSD will maintain a record of all complaints of data breaches or unauthorized releases of student/staff data & their disposition in accordance with applicable data retention policies, and report complaint reports & investigations as directed by NYS Ed Law 2d / Part 121 Regulations to the NYSED Chief Privacy Officer. 

Resources
Parents Bill of Rights ( 167.8 KB )
Prepared by the NYS Education Department 7/29/2014
Policy 5676 - Privacy and Security for Student Data and Teacher and Principal Data ( 116.4 KB )

For technical questions and comments regarding this website, please contact the Webmaster.

Success!