Education Law §2-d Compliance Update and Reminders

Kristin Warner
Bond Schoeneck & King PLLC
Contact
LinkedIn
Facebook
X
Send
Embed

Bond Schoeneck & King PLLC

On July 19, 2023, the New York State Education Department (NYSED) issued a memo indicating its Privacy Office will begin monitoring educational agencies’ websites for compliance with New York State Education Law §2-d and the Family Educational Rights and Privacy Act (FERPA)* beginning this fall. In addition, the Privacy Office will be reaching out to these agencies to ensure compliance with other aspects of Education Law §2-d, such as annual Education Law 2-d mandated training and FERPA requirements. School districts, BOCES, and charter schools must comply with Education Law §2-d and FERPA.

What Will They Be Looking For on the Website?

For Education Law §2-d compliance, the Privacy Office will be looking for three things:

  • Whether the website contains a Parent’s Bill of Rights (PBOR), which must include but is not limited to information as to how parents or eligible students (if over the age of 18) can file a complaint.
  • Supplemental information for all third-party contracts where the contractor will be receiving student data or principal or teacher APPR-related data. This supplemental information may be contained within a separate 2-d Rider attached to your contracts or may have been provided as part of the contractor’s own Data Privacy Plan or Agreement.
  • Your Board’s data security and privacy policy. This policy should implement the requirements of the Education Law §2-d regulations found in Part 121 and align with the NIST CSF standards.

For FERPA compliance, the Privacy Office has indicated it will be looking to ensure the FERPA Annual Notification, the directory information policy, and parent opt-out forms are available on your websites.

Other Compliance Issues

Data Protection Officer Contact Information: The Privacy Office has also begun and will continue to email the data protection officers listed on the educational agencies’ website to ensure the accuracy of the information.

Annual Training Compliance: The memo states some agencies will be asked to share information regarding their annual data privacy and security awareness training to ensure compliance with 8 NYCRR §121.7. This information may include training sign-in sheets, certificates of completion, dates of training, the training itself or the name of the training service.

*NYSED’s authority to enforce FERPA is an open issue that can be discussed with clients on an individual basis.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bond Schoeneck & King PLLC | Attorney Advertising

Written by:

Bond Schoeneck & King PLLC
Bond Schoeneck & King PLLC
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Bond Schoeneck & King PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide