Parents' Bill of Rights
- PARENTS’ BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY
- SUPPLEMENTAL INFORMATION FOR THIRD PARTY CONTRACTS
PARENTS’ BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY
In accordance with New York State Education Law Section 2-d, the Somers Central School District hereby sets forth the following Parents’ Bill of Rights for Data Privacy and Security, which is applicable to all students and their parents and legal guardians.
-
State and federal laws, such as New York State Education Law Section 2-d (“Section 2-d”) and the Family Educational Rights and Privacy Act (“FERPA”), protect the confidentiality of students’ personally identifiable information. Subject to certain exceptions (See Student Records Regulation 5500-R), Section 2-d and FERPA assures the confidentiality of student records with respect to "third parties," and provides parents with the right to consent to disclosures of personally identifiable information contained in their child’s education records.
-
A student's personally identifiable information cannot be sold or released for any marketing or commercial purposes by the district or any third party contractor.
-
Personally identifiable information includes, but is not limited to:
- The student's name;
- The name of the student's parent or other family members;
- The address of the student or student's family;
- A personal identifier, such as the student's social security number, student number, or biometric record;
- Other indirect identifiers, such as the student's date of birth, place of birth, and mother's maiden name;
- Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
- Information requested by a person who the District reasonably believes knows the identity of the student to whom the education record relates.
-
Personally identifiable student information will be collected and disclosed only as necessary to achieve educational purposes in accordance with State and Federal Law.
-
In accordance with FERPA, Section 2-d and our Student Records Policy 5500, parents have the right to inspect and review the complete contents of their child's education record;
-
The District has safeguards in place associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection to protect student data, including personally identifiable information stored or transferred by the District.
-
New York State, through the New York State Education Department, collects a number of student data elements for authorized uses. A complete list of all student data elements collected by the State is available for public review, at http://www.p12.nysed.gov/irs/sirs/ or may be obtained by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, NY 12234.
-
Parents have the right to submit complaints about possible breaches and unauthorized disclosures of personally identifiable student data addressed. Complaints should be directed, in writing, to: Data Privacy Officer, Somers Central School District, 250 Route 202, Somers, NY 10589, or by email to dpo@somersschools.org. Complaints may also be directed to the Chief Privacy Officer of the New York State Education Department online at http://www.nysed.gov/data-privacy-security/report-improper-disclosure or by mail to Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany NY 12234, or by email to Privacy@mail.nysed.gov or by telephone at 518-474-0937.
SUPPLEMENTAL INFORMATION FOR THIRD PARTY CONTRACTS
The Somers Central School District provides certain student, principal or teacher data, as defined by New York State Education Law Section 2-d, to the third party contractors listed below.
In all instances, a parent, eligible student, teacher or principal has the right to submit, in writing, concerns or challenges to the accuracy of student, teacher or principal data to: Data Privacy Officer, Somers Central School District, 250 Route 202, Somers, NY 10589, or by email to dpo@somersschools.org. Complaints may also be directed to the Chief Privacy Officer of the New York State Education Department online at http://www.nysed.gov/data-privacy-security/report-improper-disclosure or by mail to Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany NY 12234, or by email to Privacy@mail.nysed.gov or by telephone at 518-474-0937.
The contractor is prohibited from further sharing any student data to subcontractors, research institutions, persons or entities that are not directly an employee or department/office within this contractor’s organization, unless written consent is included with any contract. This includes sharing of any database, spreadsheet, word processing, csv, html or text files or providing credentials to access the data via the contracted software. This doesn’t pertain to the actual storage of the data on physical hard drives or solid state drives of a data center.
Student, teacher and/or principal data shall be stored in a secure data center using monitoring of the access doors, fire and security monitoring, system health and intrusion monitoring, data back ups and retentions. Data storage and access shall comply with the Advanced Encryption Standard (AES) with minimums of 128 bit key encryption or better.
- Alpine Achievements – Assessment data warehouse for the analysis of student progress. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Blackboard ConnectEd – Web-based calling and email system to parents. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Castle Learning – Assessment item bank for HS test preparation. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- DIBELS – Used to assess student reading progress at Primrose Elementary School. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Fitnessgram – Performance collection and reporting tool for physical education. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Follett – Library collection management and access tool. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- IEP Direct – Management tool utilized by Special Services Department. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Infinite Campus – Student information system used to track attendance, grades, assessments and family demographic information. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- McGaw Hill/ConnectEd – Online math instructional resources for core programs used by students and teachers. Absent renewal, this agreement expires on June 30, 2020. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Naviance – College and Career development tool for students. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- NCAA – Transcript electronic upload system for student athletes. No agreement required – all student data is retained for six (6) years from high school graduation. Data is then deleted in accordance with the National Institute of Standards and technology (NIST) standard 800-88.
- Nimbus/Schoolwires – school district website. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Office 365 – productivity tool used by students, teachers and administrators. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Overdrive – ebook solution for students and teachers. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Renaissance Learning – used to assess student reading and math growth. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Success Highways – student survey on student resiliency levels. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Transfinder – transportation management tool. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
- Wordly Wise – Vocabulary development and assessment tool for middle school students. Absent renewal, this agreement expires annually on June 30th. If the district doesn’t renew the contract past June 30th of the contractual year, all student data shall be deleted (within 90 days) in accordance with the National Institute of Standards and Technology (NIST) standard 800-88.
December 9, 2014
Revised: October 20, 2015
Revised: February 13, 2018
Revised: May 20, 2020