Federal and New York State laws provide parents with specific rights designed to protect their children's data privacy. They each dictate how and when schools may use or share a child's information.

FERPA

The Federal Educational Rights and Privacy Act (FERPA) provides parents with the right to inspect their child's education record and provides steps to correct any inaccuracies. The statute defines when a school may and may not share that information. Schools may disclose certain directory information without parent consent. Schools must, however, notify parents about directory information each year and provide parents with the opportunity to opt out of this disclosure. Visit FERPA for a summary of FERPA and how to exercise your rights.

Learn more about FERPA at the U.S. Department of Education webpage.

NYS Ed Law 2-d

New York State Education Law Section 2-d (NYS Ed Law 2-d) establishes strict guidelines designed to protect student data. It also protects data regarding teacher and principal data related to their evaluations. The law requires schools to take steps to protect their computer networks, train staff, and ensure vendors of educational software and services will follow these requirements.

For more details visit the NY State Senate Ed Law-2d page and its associated New York State Department of Education Part 121 Regulations page.

NYS Ed Law 2-d/Parents' Bill of Rights for Data and Privacy Security

NYS Ed Law 2-d also requires school districts to adopt and share a Parents' Bill of Rights for Data Privacy and Security, which outlines parents' rights.

In the event of the unauthorized disclosure of student information that includes Personally Identifiable Information (PII), Central Valley must notify the New York State Education Department’s Chief Privacy Officer within 10 days and affected parents, eligible students, and/or teachers within 60 days.

Note: Personally identifiable information (PII) is any information that could be combined with other pieces of information to identify an individual. Examples are first and/or last names, ID/Social Security numbers, nicknames, email addresses, physical addresses, parent names, etc.

Should the district become aware of the unauthorized disclosure of student information affecting your child, you can expect to receive a notification from the district containing the following information:

• A description of the unauthorized release
• Dates of the incident
• Date of discovery of the incident
• Description of the types of PII affected
• Description of the agency’s investigation
• Contact information for further assistance

Parents, students who are at least 18 years old, principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data. Complaints should be directed in writing to Cuyle Rockwell, Data Protection Officer, Central Valley School District, 111 Frederick St., Ilion, NY 13357 or by completing this online form. Central Valley will promptly investigate each complaint.

Individuals may file a complaint directly with the New York State Education Department’s Chief Privacy Officer via this link.

In addition to FERPA and NYS Ed Law 2-d along with its associated Part 121 Regulations outlined in the Parents’ Rights section above, the following statutes also govern our activities with regard to student and other sensitive information protection:

Protection of Pupil Rights Amendment (PPRA) - PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.

Children's Online Privacy Protection Rule (COPPA)– COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Office of Information Technology Services (NYS Technology Law)– NYS Technology Law establishes the Office of Information technology services to strategically manage the planning and development of technological resources statewide basis, in conjunction with state and local government agencies. NYS Technology Law also includes specific provisions for the use of biometric identifying technology in schools pending additional research by the NYS Education Department.

Parents’ Bill of Rights for Data Privacy and Security

The Central Valley School District seeks to use current technology, including electronic storage, retrieval, and analysis of information about students’ education experience in the district, to enhance the opportunities for learning and to increase the efficiency of our district and school operations.

The Central Valley School District seeks to insure that parents have information about how the District stores, retrieves, and uses information about students, and to meet all legal requirements for maintaining the privacy and security of protected student data and protected principal and teacher data, including Section 2-d of the New York State Education Law.

To further these goals, the Central Valley School District has posted this Parents’ Bill of Rights for Data Privacy and Security.

1. A student’s personally identifiable information cannot be sold or released for any commercial purposes.

2. Parents have the right to inspect and review the complete contents of their child’s education record. The procedures for exercising this right can be found in Board Policy 7500.4, Student Privacy FERPA Notice. You may access this Policy from the District’s policy page.

3. State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.

4. A complete list of all student data elements collected by the State is available at (NYSED list in an EXCEL spreadsheet) and a copy may be obtained by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, New York 12234 or email privacy@nysed.gov.

5. Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to Cuyle Rockwell, Data Protection Officer, Central Valley School District, 111 Frederick St., Ilion, NY 13357 or by completing this online form.

Supplemental Information About Third Party Contracts

In order to meet 21st century expectations for effective education and efficient operation, the District utilizes numerous products and services that involve third party contractors receiving access to student data, or principal or teacher data, protected by Section 2-d of the Education Law. The District recognizes that students, parents, and the school community have a legitimate interest in understanding which of the District’s vendors receive that data, for what purpose, and under what conditions. The District has undertaken the task of compiling that information, and of insuring that each new contract adequately describes (1) the exclusive purposes for which the data will be used, (2) how the contractor will ensure that any subcontractors it uses will abide by data protection and security requirements, (3) when the contract expires and what happens to the data at that time, (4) if and how an affected party can challenge the accuracy of the data is collected, (5) where the data will be stored, and (6) the security protections taken to ensure the data will be protected, including whether the data will be encrypted.

For more details regarding apps currently used at Central Valley, please visit this link.

FERPA provides the following rights to parents of students enrolled in district schools (these rights transfer from the parent to the student once he/she turns 18 or is attending college):

You may inspect and review your child’s education records, by contacting the school principal, who will arrange for you to inspect them within 45 days. You may obtain a copy of any record by giving the principal a request that specifically identifies the record you want copied. The copies will be made within a reasonable time after your request is received; you may be charged .25 cents per page for the copies.

You may seek amendment of your child’s records if you believe they are inaccurate or in violation of the student’s privacy or other rights, by contacting the district records access officer. You should tell the officer what specific portions of your child’s records you believe are inaccurate, misleading or a violation of privacy rights, and how you want them amended. If the officer determines that the record should not be amended, you have the right to a hearing to review that determination; the process for requesting a hearing will be explained to you at the time of the officer’s determination.

The district cannot generally disclose personally identifiable information contained in your child’s records to anyone outside the district without your consent. The district will disclose your child’s records to school officials only if they are providing educational services to your child, or otherwise need access to the information in those records in order to perform the work of the district. School officials include: administrators, teachers, and support staff employed by the district; Board of Education members; a parent or student serving on a district body such as the Committee on Special Education or the Student Senate; or any individual or company such as a law firm, medical consultant or specialist which contracts to provide services to the district or its students. The district will forward your child’s records to other educational agencies or institutions, including other school districts, in which your child seeks or intends to enroll, or from which your child is receiving services, upon the request of the agency or institution. You may request a copy of any record which has been sent to such an agency or institution, and you may seek amendment of any such record as described in Section 2 of this Notice.

If you believe the school district has not complied fully with FERPA or its regulations, you may file a complaint with the Family Policy Compliance Office, U.S. Department of Education, Washington D.C., 20202-4605. Procedures for filing this complaint can be obtained from the Records Access Officer.

You have the right to object to release of information concerning your child to military recruiters or institutions of higher education. Federal Law requires the district to give the name, address and telephone number of each high school student to these organizations on request. If you object to this, you should inform the Records Access Officer, in writing, on or before September 1 in any school year. If your objection is received after Sept. 1, it will become effective the next time, thereafter, the district compiles the information for that purpose.

You may contact the district’s Records Access Officer at 315-894-9934.

View the Central Valley CSD Board of Education policies regarding educational records:

• 7500 Education Records
• 7500.1 Application to Inspect FERPA Records
• 7500.2 Student Privacy Record of FERPA Requests
• 7500.3 Request to Correct FERPA Records
• 7500.4 Student Privacy FERPA Notice