• PARENTS’ BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY

    In accordance with New York State Education Law Section 2-d, the Somers Central School District hereby sets forth the following Parents’ Bill of Rights for Data Privacy and Security, which is applicable to all students and their parents and legal guardians. 

    1. State and federal laws, such as New York State Education Law Section 2-d (“Section 2-d”) and the Family Educational Rights and Privacy Act (“FERPA”), protect the confidentiality of students’ personally identifiable information. Subject to certain exceptions (See Student Records Regulation 5500-R), Section 2-d and FERPA assures the confidentiality of student records with respect to "third parties," and provides parents with the right to consent to disclosures of personally identifiable information contained in their child’s education records.
    2. A student's personally identifiable information cannot be sold or released for any marketing or commercial purposes by the district or any third party contractor. 
    3. Personally identifiable information includes, but is not limited to:
      • The student's name;
      • The name of the student's parent or other family members;
      • The address of the student or student's family;
      • A personal identifier, such as the student's social security number, student number, or biometric record;
      • Other indirect identifiers, such as the student's date of birth, place of birth, and mother's maiden name;
      • Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
      • Information requested by a person who the District reasonably believes knows the identity of the student to whom the education record relates.
    4. Personally identifiable student information will be collected and disclosed only as necessary to achieve educational purposes in accordance with State and Federal Law.
    5. In accordance with FERPA, Section 2-d and our Student Records Policy 5500, parents have the right to inspect and review the complete contents of their child's education record;
    6. The District has safeguards in place associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection to protect student data, including personally identifiable information stored or transferred by the District.
    7. New York State, through the New York State Education Department, collects a number of student data elements for authorized uses. A complete list of all student data elements collected by the State is available for public review, at http://www.p12.nysed.gov/irs/sirs/ or may be obtained by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, NY 12234.
    8. Parents have the right to submit complaints about possible breaches and unauthorized disclosures of personally identifiable student data addressed. Complaints should be directed, in writing, to: Kevin Guidotti, Director of Learning, Somers Central School District, 250 Route 202, Somers, NY  10589, by email to kguidotti@somersschools.org, by telephone at 914-277-3399 ext. 5400. Complaints may also be directed to the Chief Privacy Officer of the New York State Education Department online at http://www.nysed.gov/data-privacy-security/report-improper-disclosure or by mail to Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany NY  12234, or by email to Privacy@mail.nysed.gov or by telephone at 518-474-0937.  

     SUPPLEMENTAL INFORMATION FOR THIRD PARTY CONTRACTS

    The Somers Central School District provides certain student, principal or teacher data, as defined by New York State Education Law Section 2-d, to the third party contractors listed below. 

    In all instances, a parent,  eligible student, teacher or principal has the right to submit, in writing, concerns or challenges to the accuracy of student, teacher or principal data to:  Kevin Guidotti, Director of Learning, Somers Central School District, 250 Route 202, Somers, NY 10589, by email to kguidotti@somersschools.org, by telephone at 914-277-3399 ext. 5400. Complaints may also be directed to  the Chief Privacy Officer of the New York State Education Department online at http://www.nysed.gov/data-privacy-security/report-improper-disclosure or by mail to Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany NY  12234, or by email to Privacy@mail.nysed.gov or by telephone at 518-474-0937.

    The contractor is prohibited from further sharing any student data to subcontractors, research institutions, persons or entities that are not directly an employee or department/office within this contractor’s organization, unless written consent is included with any contract.  This includes sharing of any database, spreadsheet, word processing, csv, html or text files or providing credentials to access the data via the contracted software.  This doesn’t pertain to the actual storage of the data on physical hard drives or solid state drives of a data center. 

    Student, teacher and/or principal data shall be stored in a secure data center using monitoring of the access doors, fire and security monitoring, system health and intrusion monitoring, data back ups and retentions.  Data storage and access shall comply with the Advanced Encryption Standard (AES) with minimums of 128 bit key encryption or better. 

    1. Alpine Achievements – Assessment data warehouse for the analysis of student progress.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    2. Blackboard ConnectEd – Web-based calling and email system to parents.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    3. Castle Learning – Assessment item bank for HS test preparation.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    4. DIBELS – Used to assess student reading progress at Primrose Elementary School.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    5. Fitnessgram – Performance collection and reporting tool for physical education.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    6. Follett – Library collection management and access tool.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88
    7. IEP Direct – Management tool utilized by Special Services Department.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    8. Infinite Campus – Student information system used to track attendance, grades, assessments and family demographic information.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    9. McGaw Hill/ConnectEd – Online math instructional resources for core programs used by students and teachers.Absent renewal, this agreement expires on June 30, 2020.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88
    10. Naviance – College and Career development tool for students.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88
    11. NCAA – Transcript electronic upload system for student athletes No agreement required – all student data is retained for six (6) years from high school graduation.  Data is then deleted in accordance with the National Institute of Standards and technology (NIST) standard 800-88.
    12. Nimbus/Schoolwires – school district website.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    13. Office 365 – productivity tool used by students, teachers and administrators.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88
    14. Overdrive – ebook solution for students and teachers.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88
    15. Renaissance Learning – used to assess student reading and math growth.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    16. Success Highways – student survey on student resiliency levels.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88. 
    17. Transfinder – transportation management tool.Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    18. Wordly Wise – Vocabulary development and assessment tool for middle school students.

    Absent renewal, this agreement expires annually on June 30th.  If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.

     

    December 9, 2014

    Revised:  October 20, 2015

    Revised:  February 13, 2018

    Revised:  May 20, 2020

     

     

    SUPPLEMENTAL INFORMATION FOR THIRD PARTY CONTRACTORS

     

    The Somers Central School District provides certain student data to the following third party contractors:

     

    Name of Vendor/Contractor/Company: ________________________________________

     

    Address: _________________________________________________________________

    Phone #: _________________________________________________________________

    Name of person completing this form: __________________________________________

    Title of person completing this form: ___________________________________________

    Signature of person completing this form: _______________________________________

     

    Date:____________

     

    The student data, or teacher or principal data collected will be used for: ______________________________________________________________________________

    [insert the purpose of the use of the data]

     

    1. This contractor is prohibited from further sharing any student data to subcontractors, research institutions, persons or entities that are not directly an employee or department/office within this contractor’s organization, unless written consent is included with any contract. This includes sharing of any database, spreadsheet, word processing, csv, html or text files or providing credentials to access the data via the contracted software. This does not pertain to the actual storage of the data on physical hard drives or solid state drives of a data center. 
    2. Absent renewal, this agreement expires annually on June 30. If the District does not renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
    3. A parent or eligible student has the right to submit concerns or challenges to the accuracy of student data by submitting in writing, to: Kevin Guidotti, Director for Learning, 250 Route 202, Somers, NY 10589, 914-277-2400, kguidotti@somersschools.org or the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany NY 12234, email to CPO@mail.nysed.gov.
    4. Student data shall be stored in a secure data center using monitoring of the access doors, fire and security monitoring, system health and intrusion monitoring, data backups and retentions. Data storage and access shall comply with the Advanced Encryption Standard (AES) with minimums of 128 bit key encryption or better.