NYS Education Law § 2-d pertains to the unauthorized release of personally identifiable information (PII).

The Board of Regents adopted Part 121 of the Regulations of the Commissioner of Education on January 13, 2020. These rules will implement Education Law Section 2-d and provide guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and teachers' annual professional performance review data. The regulation went through multiple sets of revisions and three rounds of public comments. It applies to both charter and traditional public schools.

• NYS Education Law § 2-d Inventory of Data Elements
• Here is a link to a short video overview of Education Law § 2-d Part 121 

NYSED's Chief Privacy Officer can be contacted at Privacy@NYSED.gov

Parents’ Bill of Rights for Data Privacy and Security

The Sag Harbor School District is committed to protecting the privacy and security of each and every student’s data. Parents should be aware of the following rights they have concerning their child’s data.

• View Parents' Bill of Rights

Privacy and Security For Student, Teacher, and Principal Data

The Board of Education recognizes its responsibility to enact policies that provide privacy for student, teacher, and principal data in accordance with the law. This is particularly relevant in the context of the administration of student data which is collected, surveys that collect personal information, the disclosure of personal information for marketing purposes, and in conducting physical exams.

• View Sag Harbor's Information and Data Privacy Security Policy
• NYSED Data Security and Privacy Policy

This policy addresses NYS Education Department’s (the Department or SED) responsibility to adopt appropriate administrative, technical, and physical safeguards and controls to protect and maintain the confidentiality, integrity, and availability of its data, data systems, and information technology resources.

• Link to NYSED Data Elements

Software (programs/web-based applications) used in the District, both free and subscription-based, are vetted for compliance with New York State Education Law-2d. This is a list that will be updated throughout the year. A link to the Privacy Policy contains additional information specific to the company's policies. In addition, where appropriate, we have included supplemental information that further explains the protection of student and staff data.

• District Software Inventory List

*Approved Google extensions are based on our approved software inventory list.

Google Chrome extensions are typically created by 3rd party vendors. The majority of extensions are not part of the Google for Education Suite. Google Chrome extensions are from 3rd party vendors and do not fall under our data privacy agreement with Google. Be mindful of websites that allow a "Sign in with Google." This does not necessarily mean it is permissible to access that site using the Sag Harbor Google credentials. Signing in with Google often passes data without the users' knowledge and should not be used unless they are on the District Software approved list (see link above).

• Family Educational Rights and Privacy Act (FERPA) – The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
• Protection of Pupil Rights Amendment (PPRA) – PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.
• Children's Online Privacy Protection Rule (COPPA) – COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Source: NYSED

• Online privacy and safety resources from NYSED
• Parent fact sheets from NYSED