Technology is an integral part of the teaching and learning experience in the Mt. Sinai School District. The ever-increasing availability of online teaching and learning resources comes with inherent risks and concerns regarding student data, privacy and student work. We as a district have a responsibility to ensure that student's data and privacy is adequately protected while using any online digital resource for school work. The Mt. Sinai School District is providing the following information/resources for parents, teachers, and the community so that they can better understand what student data is, how student data is collected and used and the laws and practices that the district adheres to in order to protect student data and privacy.
Parent and Staff Information
What do we mean by Student Data
NYSED Fact Sheet for Parents
NYSED How to Report an Improper Disclosure
A Parent’s Guide to Student Data Privacy (FERPA/SHERPA)
Protecting Student Privacy 101
Mt. Sinai Parent Bill of Rights for Data Privacy and Security
NYSED Parent Bill of Rights for Data Privacy and Security
Inventory of Data Elements Collected by NYSED
Data Security Practices for Educators
Profile of a Data Privacy Officer
NYSED Parent Data Dashboard
The Mt. Sinai School District oversees a wide range of information about students. The district manages personally identifiable information (PII) about students in accordance with the federal laws known as FERPA and COPPA. More information regarding federal and state laws, district policies and guidelines that address technology use and student data privacy are listed below.
New York State Data Privacy and Security
NYSED October 28, 2020 Memo Regarding Data Security and Privacy
NYSED Data Security and Privacy Policy
Ed Law 2D - Education Law § 2-d went into effect in April 2014. The focus of the statute was to foster privacy and security of personally identifiable information (PII) of students and certain PII related to classroom teachers and principals. Regulations strengthen data privacy
Part 121 Amendment to Ed Law 2D: Although the proposed regulations largely restate the requirements of Education Law § 2-d, there are new elements, including the adoption by the New York State Education Department of a data security and privacy standard, as was required by the statute. The Department will adopt the National Institute for Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (CSF or Framework).
Applicable Federal and State Laws that Impact Technology Use and Student Privacy
Family Educational Rights and Privacy Act (FERPA)
Children’s Online Privacy Protection Act (COPPA)
Children’s Internet Protection Act (CIPA)
Protection of Pupil Rights Amendment (PPRA)
Individuals with Disabilities in Education Act (IDEA)
Third Party Ed Law 2D Privacy Agreement
NSYED Model Data Privacy Agreement and Instructions for Third Party Vendors
The District will ensure that whenever it enters into a contract or other written agreement with a third-party contractor under which the third-party contractor will receive student data or teacher or principal data from the District, the contract or written agreement will include provisions requiring that confidentiality of shared student data or teacher or principal data be maintained in accordance with law, regulation, and District policy.
In addition, the District will ensure that the contract or written agreement includes the third-party contractor's data privacy and security plan that has been accepted by the District. The third-party contractor's data privacy and security plan must, at a minimum:
Outline how the third-party contractor will implement all state, federal, and local data privacy and security contract requirements over the life of the contract, consistent with District policy;
Specify the administrative, operational, and technical safeguards and practices the third-party contractor has in place to protect PII that it will receive under the contract;
Demonstrate that the third-party contractor complies with the requirements of 8 NYCRR Section 121.3(c);
Specify how officers or employees of the third-party contractor and its assignees who have access to student data or teacher or principal data receive or will receive training on the laws governing confidentiality of this data prior to receiving access;
Specify if the third-party contractor will utilize subcontractors and how it will manage those relationships and contracts to ensure PII is protected;
Specify how the third-party contractor will manage data privacy and security incidents that implicate PII including specifying any plans to identify breaches and unauthorized disclosures, and to promptly notify the District;
Describe whether, how, and when data will be returned to the District, transitioned to a successor contractor, at the District's option and direction, deleted or destroyed by the third-party contractor when the contract is terminated or expires; and
Include a signed copy of the Parents' Bill of Rights for Data Privacy and Security
Software Inventory and Supplemental Ed Law 2D Agreements with Third Party Vendors
Mt. Sinai School District Software Inventory
Additional Resources
National Center for Educational Services - Privacy Technical Assistance Center (PTAC)
K12 Cyber Security Resource Center
K12 Privacy & Security Blueprint
The National School Board Association
Student Data Privacy Pledge
NYSED Legal Notices and Resources
NIST Cybersecurity Framework