NYS Ed Law 2D pertains to the unauthorized release of personally identifiable information (PII).

The Board of Regents adopted Part 121 of the Regulations of the Commissioner of Education on January 13, 2020. These rules will implement Education Law Section 2-D and provide guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and teachers' annual professional performance review data. The regulation went through multiple sets of revisions and three rounds of public comments. It applies to both charter and traditional public schools.

PII includes, but is not limited to:

• The student’s name;
• The name of the student’s parent or other family members;
• The address of the student or student’s family;
• A personal identifier, such as the student’s social security number, student number, or biometric record;
• Other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name;
• Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
• Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.

The confidentiality and privacy provisions do not apply to de-identified data (e.g., data regarding students that uses random identifiers), aggregated data (e.g., data reported at the school district level) or anonymized data that could not be used to identify a particular student.

Report an Improper Disclosure to Great Neck Public Schools:

If a parent, adult student, principal or teacher believes that there has been a data breach or improper disclosure of PII, the complaint should be submitted using the GNPS Improper Disclosure Reporting Form.

Parents/guardians may also choose to submit a written complaint regarding a potential breach by the Great Neck Public Schools to the Superintendent of Great Neck Public Schools, 345 Lakeville Road, Great Neck, NY 11020

Parents may also choose to contact the District's Data Protection Officer, Joseph Cangialosi, at jcangialosi@greatneck.k12.ny.us

Report an Improper Disclosure through NYSED Data Privacy and Security:

Complaints can also be directed to the New York State Education Department online at http://www.nysed.gov/data-privacy-security/report-improper-disclosure, by mail to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 11234, by email to privacy@mail.nysed.gov or by telephone at 518-474-0937.

Parents’ Bill of Rights for Data Privacy and Security

Great Neck Public Schools is committed to protecting the privacy and security of each and every student’s data. Parents should be aware of the following rights they have concerning their child’s data.

View Parents' Bill of Rights

Board of Education Policy #8625 Privacy and Security For Student, Teacher, and Principal Data

The Board of Education recognizes its responsibility to enact policies that provide privacy for student, teacher, and principal data in accordance with the law. This is particularly relevant in the context of the administration of student data which is collected, surveys that collect personal information, the disclosure of personal information for marketing purposes, and in conducting physical exams.

View Great Neck Public Schools Board of Education Policy #8625 Information and Data Privacy Security Policy

Board of Education Policy # 8635 Information and Data Privacy, Security Breach and Notification

The Board of Education of the Great Neck Public Schools acknowledges the growing concern regarding the rise in identity theft, the need for secure networks as well as prompt notification when any computer security breach occurs. 

View Great Neck Public Schools Board of Education Policy #8635 Information and Data Privacy, Security Breach and Notification

NYSED Data Security and Privacy Policy

This policy addresses NYS Education Department’s (the Department or SED) responsibility to adopt appropriate administrative, technical, and physical safeguards and controls to protect and maintain the confidentiality, integrity, and availability of its data, data systems, and information technology resources.

http://www.nysed.gov/common/nysed/files/programs/data-privacy-security/nysed-data-privacy-and-security-policy.pdf

Link to NYSED Data Elements

http://www.nysed.gov/common/nysed/files/programs/data-privacy-security/inventory-of-data-elements-collected-by-nysed_0.pdf

Software (programs/web-based applications) used in the District, both free and paid, are vetted for compliance with New York State Education Law-2d. The link below contains a list of (and link to) all of the Data Privacy Agreements that the district has in place with third-party vendors. This list will be updated as new platforms are added. A link to the Privacy Policy contains additional information specific to the company's policies. Where appropriate, we have included supplemental information that further explains the protection of student and staff data.

GNPS Data Privacy Agreements and Approved Software List

Family Educational Rights and Privacy Act (FERPA) – The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.

Protection of Pupil Rights Amendment (PPRA) – PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.

Children's Online Privacy Protection Rule (COPPA) – COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Source: NYSED.GOV

The following Annual Notification is published in our district calendar and distributed to all parents each school year:

The district recognizes its legal responsibility to maintain the confidentiality of student records. As part of this responsibility, parents/persons in parental relation and students age 18 or over have the right to inspect and review education records. The procedures for ensuring these rights are consistent with New York State and Federal law, including the Family Educational Rights and Privacy Act of 1974 (FERPA) and its implementing regulations and the Great Neck Public School’s Parents’ Bill of Rights for Data Privacy and Security (Policy 5500-E).

The district also recognizes its responsibility to ensure the orderly retention and disposition of student records of district-sanctioned programs and activities. The district uses reasonable methods to provide access to student educational records only to those authorized under applicable law, and to authenticate the identity of the requestor.