Home » Departments & Services » Technology » Parents’ Bill of Rights for Data Privacy and Security

Parents’ Bill of Rights for Data Privacy and Security

Parents’ Bill of Rights – Supplemental Information Addendum | Complaint Procedures for Unauthorized Data Disclosure / Data Breach

The New Hartford Central School District seeks to use current technology, including electronic storage, retrieval, and analysis of information about students’ education experience in the district, to enhance the opportunities for learning and to increase the efficiency of our district and school operations.

The New Hartford Central School District seeks to insure that parents have information about how the District stores, retrieves, and uses information about students, and to meet all legal requirements for maintaining the privacy and security of protected student data and protected principal and teacher data, including § 2-d of the New York State Education Law.

Education Law § 2-d mandates that each educational agency develop a Parent Bill of Rights for data privacy and security. The purpose of this document is to provide information to parents and students about certain legal requirements that protect personally identifiable information.

To further these goals, the New Hartford Central School District has posted this Parents’ Bill of Rights for Data Privacy and Security.

  1. A student’s personally identifiable information cannot be sold or released for any commercial purposes.
  2. Parents have the right to inspect and review the complete contents of their child’s education record. The procedures for exercising this right can be found in Board Policies 7240, 7242, and 7250. You may access these Policies from the District’s website.
  3. State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
  4. A complete list of all student data elements collected by the State will be available at http://www.p12.nysed.gov/irs/sirs/documentation/NYSEDstudentData.xlsx and a copy may be obtained by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, NY 12234.
  5. Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the CJ Amarosa, MIS Director, New Hartford Central Schools, 33 Oxford Rd. New Hartford, NY 13413 OR to the Chief Privacy Officer, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, NY 12234.

Back to top

Parents’ Bill of Rights – Supplemental Information Addendum

  1. EXCLUSIVE PURPOSES FOR DATA USE: The exclusive purposes for which “student data” or “teacher or principal data” (as those terms are defined in Education Law Section 2-d and collectively referred to as the “Confidential Data”) will be used by Ferrara Fiorenza PC (“Ferrara Fiorenza”) are limited to use in connection with the ongoing professional and legal services provided by Ferrara Fiorenza to New Hartford Central School District (the “School District”) (the “Legal Services”).
  2. SUBCONTRACTOR OVERSIGHT DETAILS: Ferrara Fiorenza will ensure that any subcontractors, or other authorized persons or entities to whom Ferrara Fiorenza will disclose the Confidential Data, if any, are contractually required to abide by all applicable data protection and security requirements, including but not limited to those outlined in applicable state and federal laws and regulations (e.g., FERPA; Education Law §2-d; 8 NYCRR Part 121).
  3. PRACTICES: Ferrara Fiorenza provides ongoing Legal Services. During the pendency and at the conclusion of such Legal Services, Confidential Data will be maintained by Ferrara Fiorenza PC in accordance with all legal requirements, as well as Ferrara Fiorenza PC’s Data Security and Privacy Plan.
  4. DATA ACCURACY/CORRECTION PRACTICES: A parent or eligible student can challenge the accuracy of any “education record”, as that term is defined in the Family Educational Rights and Privacy Act (“FERPA”) stored by the School District by following the School District’s procedure for requesting the amendment of education records under the FERPA. Teachers and principals may be able to challenge the accuracy of APPR data stored by the School District by following the appeal procedure in the School District’s APPR Plan. Unless otherwise required by the above or by other applicable law, challenges to the accuracy of the Confidential Data shall not be permitted.
  5. SECURITY PRACTICES: Confidential Data provided to Ferrara Fiorenza by the School District will be stored in Ferrara Fiorenza’s secure offices and/or on its secured server. Ferrara Fiorenza will protect Confidential Data in accordance with its Data Security and Privacy Plan.
  6. ENCRYPTION PRACTICES: Ferrara Fiorenza will apply encryption to the Confidential Data while in motion and at rest in accordance with its Data Privacy and Protection Plan and to the extent required by applicable state and federal laws and regulations.

View the NY State Education Department web page on Bill of Rights for Data Privacy and Security (Parents’ Bill of Rights).

A complete list of all student data elements collected by the State is available for public review at the NY State Education Department’s Vendor Support for School Districts and BOCES website or by writing to:

NY State Education Department Information & Reporting Services
Room 863 EBA
89 Washington Avenue
Albany, NY 12234

Back to top

Complaint Procedures for Unauthorized Data Disclosure / Data Breach

Parents, legal guardians, eligible students (students who are at least 18 years of age or attending a post-secondary institution at any age), principals, teachers, and employees of an educational agency may file a complaint about a possible data breach or improper disclosure of student data and/or protected teacher or principal data.

  1. To submit a complaint, please download & complete the New Hartford CSD Unauthorized Data Disclosure/Data Breach Form. Paper forms are also available in the schools’ main office.
  • Completed forms may be submitted by email to the Data Protection Officer:
    John Gillette, Chief Information and Technology Officer
    email: jgillette@nhart.org
    phone: (315) 624-1099
    or
  • submitted at the district office either in person or by mail:
    29 Oxford Rd., New Hartford, NY 13413
  1. Mr. Gillette, or his assigned designee, will contact the complainant by phone or email to review the complaint, and initiate an investigation.
  2. Investigations will be completed and finalized in a reasonable amount of time, typically, within 60 calendar days from the receipt of the complaint. In the event the investigation needs to extend beyond 60 days, due to extenuating circumstances, the complainant will be contacted to inform them of the delay and the expected timeline for completion.
  3. New Hartford CSD will maintain a record of all complaints of data breaches or unauthorized releases of student/staff data & their disposition in accordance with applicable data retention policies, and report complaint reports & investigations as directed by NYS Ed Law 2d / Part 121 Regulations to the NYSED Chief Privacy Officer.

Back to top

Back to Technology