Skip To Main Content

Data Privacy & Security

At West Irondequoit Central School District, we uphold our commitment to safeguarding the privacy and security of all data entrusted to us. In compliance with New York State Education Law (Ed Law 2-D), we recognize the paramount importance of protecting sensitive information related to students, staff, parents, and any other individuals associated with our school district.

Our commitment to data privacy and security begins with implementation of robust and comprehensive policies, procedures and safeguards designed to prevent unauthorized access, use or disclosure of personal identifiable information and confidential data. We are committed to adhering to all applicable legal and regulatory requirement set forth in NYS Ed Law 2-D and other Federal Legislation including FERPA, PPRA, and COPPA.

West Irondequoit Data Privacy Officer Contact:
Casey Wagner
Director of Technology/Data Privacy Officer
585-939-7384
Email

New York State Chief Privacy Officer Contact:
New York State Education Department
Chief Privacy Officer
89 Washington Avenue, EB 152
Albany, NY 12234
518-474-0937
Email

 

New York State Education Law 2-D

What is Ed Law 2-D?
Ed Law 2-D is a comprehensive data privacy and security measure enacted in New York State designed to safeguard student and staff information in an educational setting. NYS Ed Law 2-D pertains to unauthorized release of personally identifiable information (PII).

The Board of Regents adopted Part 121 of the Regulations of the Commissioner of Education on January 13, 2020. These rules implement Education Law Section 2-D and provide guidance to education agencies and their third-party contractors on ways to strengthen data privacy and security in order to protect student data and teachers' annual professional performance review data. The regulation went through multiple sets of revisions and three rounds of public comments. It applies to both charter and public schools.

If you have questions, comments or concerns, please contact Casey Wagner, Director of Technology and Data Privacy Officer (DPO) at DPO@westiron.monroe.edu or by calling 585-939-7384.

Third-Party Contracts
In the spirit of complying with its obligations under the law and continuing to provide software programs, online applications, and data services, West Irondequoit Central School District (WICSD) has entered into contracts with certain third-party contractors.  Pursuant to such agreements, third-party contractors may have access to student data and staff data as defined by law.

For each contract WICSD enters into with a provider, and where the third-party contractor receives student or staff personally identifiable data, the following information will be included:

  • the intent for which the student data or staff data will be used
  • a published agreement that the third-party contractor will ensure that the subcontractors, persons or entities that the third-party contractor will share the student or staff data with, if any, will abide by data protection and security requirements
  • the disposal of data that contains personally identifiable items
  • a process for parents, students, staff who wish to challenge the accuracy of the student data or staff data that is collected

An inventory of software that contains personally identifiable information (PII) and accompanying contracts is available at West Irondequoit Software Inventory List

WICSD is responsible for obtaining those contracts for district-purchased software, while Monroe 1 BOCES obtains contracts for software and services purchased through the BOCES organization.

Key Resources
Ed Law 2-D: Link to Legislation
Part 121 of the Regulation: Link to Regulatory Documentation
NYSED Data Privacy Website: Link to New York State Education Department Website
Parent/Guardian Fact Sheet: Link to Fact Sheet for Ed Law 2-D. Education Law 2-D protects students PII from unauthorized disclosure. Additionally, this law provides parents with rights regarding their student's PII. The fact sheet explains these rights.
 

Parents/Guardians and Students Rights

Key Resources regarding Student Privacy

Read the Parent's Bill of Rights for Data Privacy and Security
Access our list of vendors we work with and our contracts
Review the Parent/Guardian Fact Sheet
Review our Board Policies related to Data Security and Privacy

  • Privacy and Security for Student Data and Teacher and Principal Data: Policy 5676
  • Limited Disclosures of Student Directory Information: Policy 7241
  • Records Management: Policy 5670

Review other Technology Related Board Policies  to Students

  • Student Use of Computerized Information Resources (Acceptable Use Policy): Policy 7314

Parents' Bill of Rights

WICSD is committed to protecting the privacy and security of student data and teacher and principal data. In accordance with New York State Education Law Section 2-D and its implementing regulations, the WICSD informs the school community that parents and eligible students can expect the following:

  1. A student's personally identifiable information (PII) cannot be sold or released for any commercial purpose.
  2. The right to inspect and review the complete contents of their student's education record stored or maintained by an educational agency.
  3. State and federal laws, such as NYS Education Law 2-D and the Family Educational Rights and Privacy Act, that protect the confidentiality of a student's PII, and safeguards associated with industry standards and best practices, including but not limited to encryption, firewalls, and password protection, must be in place when data is stored or transferred.
  4. A complete list of all student data elements collected by NYSED is available for public review at www.nysed.gov/data-privacy-security or by writing to: Chief Privacy Officer, New York State Education Dept., 89 Washington Avenue, Albany, NY 12234.
  5. The right to have complaints about possible breaches and unauthorized disclosures of student data addressed. Complaints may be submitted to NYSED online at www.nysed.gov/data-privacy-security, by mail to Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, New York 12234, by email to privacy@nysed.gov, or by telephone at 518-474-0937.
  6. To be notified in accordance with applicable laws and regulations if a breach or unauthorized release of their student's PII occurs.
  7. Educational agency workers that handle PII will receive training on applicable state and federal laws, the educational agency's policies, and safeguards associated with industry standards and best practices that protect PII.
  8. Educational agency contracts with vendors that receive PII will address statutory and regulatory data privacy and security requirements.

If at any time district officials learn that student and/or teacher/principal data has been compromised, parents/guardians will be notified and the data breach will be reported to the NYS Education Department.

Link to West Irondequoit Central School District Parent Bill of Rights

Report an Unauthorized Disclosure/Data Breach

If a parent/guardian believes that student data has been released or disclosed in an unauthorized manner, or that data systems involving private student data have been breached, parents/guardians have a right to submit a formal complaint to the West Irondequoit Central School District (WICSD), consistent with New York State Education Law 2-D.

Click here to access the form that may be used to submit a complaint. Use of this form is recommended but not required. If using your own format to submit a complaint, you must provide the required information, as appropriate, as indicated on the complaint form. Upon receipt of a written complaint by a parent, WICSD must determine if the alleged violation occurred and issue a written decision of its findings.

Parent Guardian Submitting the Complaint

  • Complaints must be made in writing.
  • Complaints must be signed by the complainant (faxed or email signatures will not be accepted).


The breach complaint must include:

  • A statement that the district has violated a requirement of Part 121 of Ed Law 2-D or state law/regulation related to student data privacy.
  • The facts on which the statement is based.
  • Contact information of the person filing the complaint.
  • If alleging violations with respect due to a specific child, include:

1. The name and address of the child's residence
2. The name of the school the child is attending
3. In the case of a homeless child or youth, available contact information for the child and the name of the school the child is attending
4. A description of the nature of the incident, including facts related to the incident

School District Complaint Procedures

  • The school district will acknowledge receipt of the complaint within seven business days.
  • The school district will commence an investigation and take necessary precautions to protect any PII.
  • Following its investigation, the school district shall provide the parent or eligible student with a report of its findings within 60 calendar days from receipt of the complaint. In extenuating circumstances, where the district requires additional time to investigate the complaint or cooperate with law enforcement, or where releasing the report may compromise security or impede the investigation of the incident, the district shall provide the parent of eligible student with a written explanation that includes the approximate date when the district anticipates the report will be released.
  • The district will maintain a record of all complaints of breaches or unauthorized releases of student data and their disposition.
  • Complaints may be sent to: Data Protection Officer, West Irondequoit Central School District, 45 Cooper Road, Rochester, New York 14617
     

Annual Notification of FERPA and Directory Information

FERPA: Limited Disclosure of Directory Information

The Family Educational Rights and Privacy Act (FERPA), a federal law, generally requires that the District obtain your written consent prior to disclosing personally identifiable information from your child's or your education records (to persons other than those with a legitimate educational interest). The District may, however, disclose "directory information" for limited purposes without your written consent, unless you have timely advised the District of your decision to opt out of such disclosures in whole or in part.

Directory information is contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed. The District defines "directory information" to include only the following:

  • Name
  • Grade level
  • Dates of attendance
  • Photograph/image
  • Honors and awards received
  • Participation in officially recognized activities and sports

In accordance with FERPA and Board Policy No. 7241, "Limited Disclosure of Student Directory Information," the District's disclosure of directory information will be limited to specific parties and specific purposes only. Specifically, the District will include directory information in certain school publications, such as the yearbook, honor roll and other recognition lists, graduation programs, sports activity sheets, and playbills showing your child's or your role in drama productions in a timely manner without the necessity for requesting consent in situations in which it is expected that there would be no significant concern about invasion of privacy or any danger or harm from the disclosure. Unless the parent/eligible student opts out, the District will make the disclosure without obtaining consent. The District may also disclose directory information to outside organizations/parties without a parent's/eligible student's prior written consent but only for school-related activities or purposes. Examples of such outside organizations include, but are not limited to, companies that manufacture class rings or publish yearbooks.

The District shall not disclose directory information in any situation when a risk to student safety, risk of identity theft, or other harm to students is reasonably perceived.

If you do not want the District to disclose any or all of the types of information designated above as directory information from your child's or your education records without your prior written consent, you must notify the District in writing of such decision to opt out in whole or in part. Your written notice must be received by the Office of Public Information, 321 List Avenue, on or before September 30th annually.

Annual Notification of Rights Regarding Education Records

The Family Educational Rights and Privacy Act (FERPA) affords parents and students over 18 years of age (eligible students) certain rights with respect to the student's education records. These rights are:

  • The right to inspect and review the student's education records within 45 days after the day the school receives a request for access. Parents/guardians or eligible students who wish to inspect their child's or their education records should submit to the school principal a written request that identifies the record(s) they wish to inspect. The school will make arrangements for access and notify the parent/guardian or eligible student of the time and place where the records may be inspected.
  • The right to request the amendment of the student's education records that the parent or eligible student believes are inaccurate, misleading, or otherwise in violation of the student's privacy rights under FERPA. Parents or eligible students who wish to ask the school to amend a records should write the school principal, clearly identify the part of the record they want changed, and specify why it should be changed. If the school decides not to amend the record as requested by the parent or eligible student, the school will notify the parent or eligible student of the decision and advise them of their right to a hearing regarding the request for amendment. Additional information regarding the hearing procedures will be provided to the parent of eligible student when notified of the right to a hearing.
  • The right to privacy of personally identifiable information in the student's education records, except to the extent that FERPA authorizes disclosure without consent. For example, the district may disclose information from student education records to school officials with legitimate educational interests. A school official is a person employed by the school as an administrator, supervisor, teacher, or support staff member, including health staff, office staff, and security personnel. It may also include a person serving on the School Board, a parent on an official District committee, or a person or company with whom the school has outsourced services or functions it would otherwise use its own employees to perform (such as an attorney, auditor, consultant). A school official has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility.

Under FERPA, the District is permitted to disclose education records, including disciplinary records, without consent to other schools or post-secondary educational institutions in which a student seeks or intends to enroll, or is already enrolled if the disclosure is for purposes of the student's enrollment or transfer. However, while the District reserves all its rights under FERPA, its standard practice will be to seek written consent from parents or eligible students in order to transfer the student's records, and those records will not normally include disciplinary information unless the parents or student specifically request that they do. Exceptions to this standard practice will occur only where specific circumstances make them reasonable and prudent. In the event of a health and safety emergency, the District may disclose information from a student's education record when such disclosure appears likely to protect the health and safety of the student or others.

The right to file a complaint with the U.S. Department of Education concerning alleged failures by the school to comply with the requirements of FERPA. The name and address of the office that administers FERPA are:

Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202-8520

Federal Laws that Protect Student Data

Family Educational Rights and Privacy Act (FERPA) - The foundational federal law on the privacy of students' educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.

Protection of Pupil Rights Amendment (PPRA) - PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the U.S. Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.

Children's Online Privacy Protection Rule (COPPA) - COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.