Resources

On June 8, 2020 the Board of Regents adopted emergency regulations that afford essential flexibility for educators, students and professionals to address issues due to the COVID-19 pandemic. Use this link to access the full regulations.

The emergency regulations provide guidance on the Adoption and Publishing of Data Security and Privacy Policy Deadline. The emergency regulations extend the date required for the adoption and publishing of data security and privacy policies by educational agencies from July 1, 2020 to October 1, 2020.

Below are resources developed by a partnership of the New York Regional Information Centers to support schools in the implementation of these regulations.

NYSED Documents and Information

New York State Education Department news and updates from the Office of Communications.

NYSED Ed Law 2-d
New York State Education Law Section 2-d and the Family Educational Rights and Privacy Act provide clear protections for student data, and NYSED is committed to complying with all applicable laws. The New York State Department of Education has committed to promoting the least intrusive data collection policies practicable that advance the goals of improving academic achievement, empowering parents with information and advancing efficient and effective school operations while minimizing the collection and transmission of personally identifiable information, and will work to ensure that this is reflected in the practices of every educational agency in New York State by developing policies and standards that will provide clear guidance to the field.

Part 121 Regulations
Regulatory changes to increase information security measures to safeguard the Personally Identifiable Information (PII) of students and certain school personnel. Part 121 regulations outline requirements for educational agencies and their third-party contractors to ensure the security and privacy of such protected information and were developed in consultation with stakeholders and the public.

Emergency Regulations
On June 8, 2020 the Board of Regents adopted emergency regulations that afford essential flexibility for educators, students and professionals to address issues due to the COVID-19 pandemic.

NYSED Data Privacy and Security Policy
This policy addresses NYS Education Department’s (the Department or SED) responsibility to adopt appropriate administrative, technical and physical safeguards and controls to protect and maintain the confidentiality, integrity and availability of its data, data systems and information technology resources.

NYSED Parents' Bill of Rights
The New York State Education Department collects and maintains certain personally identifiable information about students enrolled in public schools across the state. Education Law § 2-d requires each educational agency in the State of New York to develop a Parents’ Bill of Rights for Data Privacy and Security and publish it on its website.

Data Protection & 2020-2021 Planning

The Regional Information Centers have developed The Data Protection & 2020-2021 Planning resource document which can help facilitate these requirements. The document includes updated information on Ed Law 2-d Part 121 Requirements and sample contract addendum and data sharing agreements.

DATA PROTECTION & 2020-2021 PLANNING

Overview and Toolkit for Part 121 of the Commissioner's Regulations

The Part 121 regulations are composed of nine requirements. The following documents will help you gain a better understanding of those requirements as a whole and provide you with a toolkit to aid you in implementing the regulations in your district. Separate documents have also been created for individual requirements and can be found in the other sections of the resources page.

Complete Overview
Complete Toolkit

Data Security for Educators

This video and resource document were developed by the Regional Information Centers as free training tools to support all districts in improving their data security posture. The video begins with comments from data security experts in the education sector. Then, the video provides an overview of the five data protection reminders outlined on the handout. If you have specific questions about data privacy and security, please contact your local RIC.

Companion Document
Data Security for Educators

PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII)

Regulations 121.2 and 121.5
Protect the confidentiality of personally identifiable information of students (FERPA) and personally identifiable information of teachers and principals (APPR).

Overview
Toolkit
Data Protection & 2020-2021 Planning Guide

BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY

Regulation 121.3
Adopt and post on website a Parents' Bill of Rights for Data Privacy and Security, with supplemental information about each written agreement with a third-party contractor (vendor) that involves disclosure of PII.

Overview
Toolkit
Data Protection & 2020-2021 Planning Guide

DATA SECURITY AND PRIVACY POLICY

Regulation 121.5
Adopt and post a Data Security and Privacy Policy that includes adherence to the NIST Cybersecurity Framework to protect PII.

Overview
Toolkit
Data Protection & 2020-2021 Planning Guide

NIST CYBERSECURITY FRAMEWORK

Regulation 121.5
Apply the planning,processes,and categories of information protection defined within the NIST Cybersecurity Framework to district practices and systems.

Overview
Toolkit
NIST Framework District Readiness Tool
NIST Framework Core
NIST Framework Core Deck
Data Protection & 2020-2021 Planning Guide
NIST Cybersecurity Framework (XLSX)

THIRD-PARTY CONTRACTS

Regulations 121.2, 121.3, 121.6, 121.9, 121.10
Whenever the educational agency discloses PII to a third-party contractor, ensure that the written agreement for using the product or services includes the language required by Education Law.

Overview
Toolkit
Statewide Contracts
Data Protection & 2020-2021 Planning Guide