In accord with Education Law §2-d and the Family Educational Rights and Privacy Act (“FERPA”), the District hereby establishes and adopts the following Parents’ Bill of Rights for Data Privacy and Security:

1. A student’s personally identifiable information (PII) cannot be sold or released by the District for any commercial or marketing purposes.
2. Parents have the right to inspect and review the complete contents of their child's education record, including any student data stored or maintained by the District. This right of inspection is consistent with the requirements of the Family Educational Rights and Privacy Act (FERPA) and Board Policy. In addition to the right of inspection of the student’s educational record, Education Law §2-d provides a specific right for parents to inspect or receive copies of any data in the student’s educational record.
3. The rights of parents and students under FERPA can be accessed at http://www2.ed.gov/policy/gen/guid/fpco/ferpa/lea-officials.html. In addition to review, these rights include how to challenge the accuracy of the content of a student’s educational record.
4. State and federal laws protect the confidentiality of PII. Safeguards associated with industry standards and best practices, including, but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred. The District is committed to implementing the aforementioned safeguards and adopting industry standards and best practices to ensure the safety of the data it collects.
5. A complete list of all student data elements collected by the State is available for public review at http://www.p12.nysed.gov/irs/sirs/documentation/NYSEDstudentDATA.xlsx, or parents may obtain a copy of this list by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, NY 12234.
6. Parents have the right to file complaints with the District or with NYSED about possible privacy breaches of student data by the District’s third-party contractors or their employees, officers, or assignees. Complaints regarding student data breaches filed with the District should be directed to the Data Protection Officer, Carthage Central School District, 36500 NYS Route 26, Carthage, New York 13619, dpo@carthagecsd.org, 315-493-2529. Complaints to NYSED should be directed in writing to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234, or via email to CPO@mail.nysed.gov.

Please note that the complaint process is currently under development and has not yet been finalized, and that the State Education Department’s Chief Privacy Officer has not yet been appointed.

1. a) The exclusive purposes for which the student, teacher, or principal data will be used; b) How the third-party contractor will ensure that any subcontractors, persons, or entities with whom the data is shared will abide by data protection and security requirements; c) When the agreement with the third-party contractor expires and what happens to the data upon expiration; d) If and how a parent, student, eligible student, teacher, or principal may challenge the accuracy of the data collected; and e) Where the data will be stored (described in such a manner as to protect data security) and the security protections in place, including whether the data will be encrypted.
2. A parent, student, eligible student, teacher, or principal may challenge the accuracy of student, teacher, or principal data collected by the District by filing a written request with the Assistant Superintendent at the address noted above.
3. All agreements with third-party contractors who have been or are to be provided with confidential data subject to this Bill of Rights will ensure that any subcontractors, persons, or entities with whom data is shared will abide by data protection and security requirements. The District has entered into contracts with certain third-party contractors who have been provided data regarding students, teachers, and/or principals. The information mandated by law about such contractors appears on our website.
4. This Bill of Rights is subject to change based on regulations promulgated by the Commissioner of Education and/or the State Education Department’s Chief Privacy Officer.

If you would like more information, please contact:

Data Protection Officer Carthage Central School District 36500 NYS Route 26 Carthage, New York 13619

dpo@carthagecsd.org 315-493-2529

Ref: Education Law §2-d 20 U.S.C. §1232g