Data Privacy and Security

Education Law

NYS Education Law Section 2-d
Unauthorized release of personally identifiable information.

Commissioner's Regulations

Part 121 of the Regulations of the Commissioner of Education
Strengthening Data Privacy and Security in NY State Educational Agencies to Protect Personally Identifiable Information


Regarding Compliance with Education Law § 2-d and Part 121 (NYSED 10/28/22)
In June, the Board of Regents approved the emergency amendment to Part 121 that extended the deadline for educational agencies to post their Data Security and Privacy policy from July 1, 2020, to October 1, 2020. That date has now passed and the NYS Education Department (“Department”) expects that all educational agencies are now aligned with the requirements of both the statute and regulation. To aid agencies in their compliance with the above requirements as they further develop their data privacy and security programs, the Department has developed some templates and models that can serve as resources.

Federal Laws that Protect Student Data

Family Educational Rights and Privacy Act (FERPA)
The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.

Protection of Pupil Rights Amendment (PPRA)
PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students.

 See Also:

Page Updated 11/21/22