The Guilderland School District, in recognition of the risk of identity theft and unwarranted invasion of privacy, affirms its commitment to safeguarding student personally identifiable information (PII) in educational records from unauthorized access or disclosure in accordance with State and Federal law. The Guilderland School District establishes the following parental bill of rights:
- Student personally identifiable information (PII) will be collected and disclosed only as necessary to achieve educational purposes in accordance with State and Federal Law.
- A student’s personally identifiable information cannot be sold or released for any marketing or commercial purposes by the district or any third party contractor. The district will not sell student personally identifiable information and will not release it for marketing or commercial purposes, other than directory information released by the district in accordance with district policy;
- Parents have the right to inspect and review the complete contents of their child’s education record (for more information about how to exercise this right, see 5500-R);
- State and federal laws, such as NYS Education Law §2-d and the Family Educational Rights and Privacy Act, protect the confidentiality of students’ personally identifiable information. Safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred;
- A complete list of all student data elements collected by the State Education Department is available for public review at http://nysed.gov/data-privacy-security or by writing to: Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234.
- Parents have the right to have complaints about possible breaches and unauthorized disclosures of student data addressed. Complaints should be directed to Data Privacy Officer, GSCD, PO Box 18, 8 School Road, Guilderland Center, NY 12085, (518) 456-6200 x3117; email@example.com. Complaints can also be directed to the New York State Education Department online at http://www.nysed.gov/data-privacy-security, by mail to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234 or by email firstname.lastname@example.org or by telephone at 518-474-0937.
- Parents have the right to be notified in accordance to applicable laws and regulations if a breach or unauthorized release of their student’s PII occurs.
- Parents can expect that educational agency workers who handle PII will receive annual training on applicable federal and state laws, regulations, educational agency’s policies and safeguards which will be in alignment with industry standards and best practices to protect PII.
- In the event that the District engages a third party provider to deliver student educational services, the contractor or subcontractors will be obligated to adhere to State and Federal Laws and District policy to safeguard student PII. Parents can request information about third party contractors by contacting Dr. Lin Severance, Records Access Officer, GSCD, PO Box 18, 8 School Road, Guilderland Center, NY 12085, (518) 456-6200; email@example.com or can access the information on the district’s website, www.guilderlandschools.org.
Additional student data privacy information
This bill of rights is subject to change based on regulations of the commissioner of education and the SED chief privacy officer, as well as emerging guidance documents from SED. For example, these changes/additions will include requirements for districts to share information about third-party contractors that have access to student data, including:
- How the student, teacher or principal data will be used;
- How the third-party contractors (and any subcontractors/ others with access to the data) will abide by data protection and security requirements;
- What will happen to data when agreements with third-party contractors expire;
- If and how parents, eligible students, teachers or principals may challenge the accuracy of data that is collected; and
- Where data will be stored to ensure security and the security precautions taken to ensure the data is protected, including whether the data will be encrypted.