DATA PRIVACY AND SECURITY

Data Privacy at GST BOCES

GST BOCES is committed to maintaining the privacy and security of student data and teacher and principal data and will follow all applicable laws and regulations for the handling and storage of this data in GST BOCES and when disclosing or releasing it to others, including, but not limited to, third-party contractors. GST BOCES adopts this policy to implement the requirements of Education Law Section 2-d and its implementing regulations, as well as to align GST BOCES data privacy and security practices with the National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity.

Below you will find the GST BOCES policies and information for the GST BOCES Board of Education adopted Data Security and Privacy Policy, FERPA and Directory information policy, Data Privacy Software Inventory, Parent's Bill of Rights, and information to report a potential breach of information. If you have any questions please contact our Data Protection Officer Rob McKenzie at dpo@gstboces.org or 607-795-2277.

Link to GST BOCES Board of Education adopted policy on Data Privacy and Security

Link to GST BOCES Board of Education adopted policy on FERPA and Directory Information

The Data Privacy Software Inventory

New York State Education Law Section 2-d requires that all school districts introduce an inventory of programs used in the school environment on their websites and make such a document publicly available. Schools must also provide a clear description of the various data elements collected by the programs and applications including student, teacher and administrator Personally Identifiable Information (PII). To that end, we are pleased to introduce just such an inventory which is listed below.

View the Data Privacy Software Inventory

After reviewing this new resource, if you have any questions, please feel free to email DPO@gstboces.org

GST BOCES Parent's Bill of Rights

PARENTS BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY

GST BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:

(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.

(2) Parents have the right to inspect and review the complete contents of their child's education record.

(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.

(4) A complete list of all student data elements collected by the State is available for public review at http://www.nysed.gov/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, New York 12234.

(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, New York 12234. Complaints may also be submitted using the form available at the following website http://www.nysed.gov/data-privacy-security/report-improper-disclosure.

APPENDIX

Supplemental
Information Regarding Third-Party Contractors

In the course of complying with its obligations under the law and providing educational services, GST BOCES has entered into agreements with certain third-party contractors. Pursuant to such agreements, third-party contractors may have access to "student data" and/or "teacher or principal data," as those terms are defined by law.

Each contract the BOCES enters into with a third party contractor where the third party contractor receives student data or teacher or principal data will include the following information:

(1) the exclusive purposes for which the student data or teacher or principal data will be used;

(2) how the third party contractor will ensure that the subcontractors, persons or entities that the third party contractor will share the student data or teacher or principal data with, if any, will abide by data protection and security requirements;

(3) when the agreement expires and what happens to the student data or teacher or principal data upon expiration of the agreement;

(4) if and how a parent, student, eligible student, teacher or principal may challenge the accuracy of the student data or teacher or principal data that is collected; and

(5) where the student data or teacher or principal data will be stored (described in such a manner as to protect data security), and the security protections taken to ensure such data will be protected, including whether such data will be encrypted.

Download the above text as a PDF - Parent's Bill of Rights

After reviewing this new resource, if you have any questions, please feel free to email DPO@gstboces.org

Reporting Possible Improper Disclosure or Breach of Information

Instructions: New York State Education Law Section 2-d requires that all school districts introduce an inventory of programs used in the school environment on their websites and make such a document publicly available. Schools must also provide a clear description of the various data elements collected by the programs and applications including student, teacher and administrator Personally Identifiable Information (PII). These reports are confidential. Please contact GST’s Data Privacy Officer to check on the status of a report.