User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

In March 2014, the New York State Legislature created a new section of the Education Law to address an important topic: the safeguarding of student data and privacy. Now, fi ve years later, the Board of Regents is poised to issue regulations that clarify what is expected of school districts and BOCES. 

Draft regulations issued Jan. 30 answer many questions about what is required under Education Law Section 2-d but don’t resolve all ambiguities. Also, some new obligations will be created. For example, districts must create a complaint procedure for parents, and school board members must receive training. 

The regulations will become official when approved by the Board of Regents, which is expected to act in May. The State Education Department is accepting comments on the proposed rules until April 1. 

Below is a summary of items clarified by the proposed regulations and a list of new obligations.

Items clarified in the regulations 

Since the law was passed five years ago, many school districts and BOCES have struggled to interpret what, specifically, is required under Education Law Section 2-d. The proposed regulations provide clarity on several items:

Guidance for local policy-makers. Perhaps the most awaited regulatory guidance involves a required data security and privacy policy that each school board must adopt by Dec. 31, 2019. The proposed regulation specifically adopts the National Institute for Standards and Technology Cybersecurity Framework – the components of which must be included in the new policy. Guidance from SED states that its chief privacy officer, together with the Regional Information Centers and BOCES throughout the state are developing a model policy 



President's Message


Member Login