Data Privacy, Security & NYS Compliance
Data Privacy and Security
Student data privacy and student security are critical concerns at Jericho. To that end, we have developed robust policies designed to protect the data of our students, and we have put in place a number of safeguards with the same goal in mind. Here is a brief overview of what you will find here:
All Technology-Related Jericho Policies and Addendums - This is a one stop shop containing all Jericho tech-related policies: Student Acceptable Use Policy, Staff Acceptable Use Policy, Parameters of Acceptable Staff DCS Usage, Data Disaster Recovery Plan (redacted), Data Privacy and Security Policy, Device Lending Agreement, Directory Information Policy, Parents' Bill of Rights, and the Supplemental Data Required from Vendors
Ed law 2-d and Other Regulations - Learn about Ed law 2-d, FERPA, PPRA, and COPPA, Jericho's processes for ensuring Ed law 2-d compliance, how to file a complaint related to data or privacy, and how to opt-out from tech services and data sharing as prescribed by FERPA
NIST Framework - The NIST Framework is the set of security standards Jericho adhere to as per New York State
Parents' Bill of Rights - learn about your rights as a parent and view the other documentation vendors must sign before Jericho's students use their product
Social Media - Presentations and information related to safe, smart social media use
Student Internet Safety - Learn more about best practices in Internet safety as well as ways to protect you and your children at home and elsewhere
-

-
Other Laws Protecting Children
- Children's Online Privacy Protection Act (COPPA) - COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
- Family Educational Rights and Privacy Act (FERPAFERPA - The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
- Protection of Pupil Rights Amendment (PPRA) - The Protection of Pupil Rights Amendment (PPRA) is a federal law that affords certain rights to parents of minor students with regard to surveys that ask questions of a personal nature. Briefly, the law requires that schools obtain written consent from parents before minor students are required to participate in any U.S. Department of Education funded survey, analysis, or evaluation that reveals information concerning the following areas:
- Political affiliations;
- Mental and psychological problems potentially embarrassing to the student and his/her family;
- Sex behavior and attitudes;
- Illegal, anti-social, self-incriminating and demeaning behavior;
- Critical appraisals of other individuals with whom respondents have close family relationships;
- Legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers;
- Religious practices, affiliations, or beliefs of the student or student's parent*; or
- Income (other than that required by law to determine eligibility for participation in a program or for receiving financial assistance under such program.)
-
Reporting an Improper Data Disclosure
In the event that you believe data has been released improperly, please complete this form and we will investigate.
Online Safety Tips
-
Just because you recognize a picture or name, check where the link is actually going by hovering over it.

-
If you didn't expect it, reject it!
-
We recommend two factor authentication where ever possible.
-
Never share your password.
-
Have a different password for different websites.
Google Security
Google has a security check up . You can check where your account has logged into, what devices and what data is being shared with, and any apps connected to your Google account.


-
-
-
Social media can be a force for good, but it also poses some unique threats to our students as they seek to develop identities that span the physical and virtual worlds. To learn more about some of the dangers posed to our students by social media, check out this slideshow.
A number of social media services have been designed with kids in mind:
The challenging nature of parenting in a social media world is worth reading about:
-
General Information
Child Friendly Search Engines
Virus/Firewall Protection Software
Web Filtering Software
- AOL has built in filtering
- Cyber Patrol
- FoolProof Internet
- Net Nanny
Ed Law 2-d and Other Regulations
This page is dedicated to walking parents through not only Ed law 2-d, but also other laws protecting children as well as how to report a suspected data breach.
-
A law enacted in 2014 that focuses on the protection and handling of personal identifiable information (PII).
-
PII includes, but is not limited to:
The student’s name;
The name of the student’s parent or other family members;
The address of the student or student’s family;
A personal identifier, such as the student’s social security number, student number, or biometric record;
Other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name;
Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.34 CFR §99.3. We also recommend protection of the additional element identified in the implementing regulations of the Individuals with Disabilities Education Act (IDEA), 20 U.S.C. § 1400 et seq., as PII, with regard to IDEA eligible students, that is: a list of personal characteristics or other information that would make it possible to identify the child with reasonable certainty. 34 CFR § 300.32.
The confidentiality and privacy provisions do not apply to de-identified data (e.g., data regarding students that uses random identifiers), aggregated data (e.g., data reported at the school district level) or anonymized data that could not be used to identify a particular student.
-
The protections in the statute also extend to teacher data or principal data, defined as PII from the records of an educational agency relating to the annual professional performance reviews of classroom teachers or principals that is confidential and not subject to release under the provisions of Education Law §§ 3012-c and 3012-d.
-
These rules will implement Education Law Section 2-d and provide guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and annual professional performance review data.
-
Yes! We send all third party software providers and any vendor who will have access to student data three forms: our Parents' Bill of Rights, our Confidentiality and Data Security and Privacy Standards Addendum, and Data Security and Privacy Plan.
BOCES approved Ed law 2-d agreements: https://dpit.riconedpss.org/supplemental-information/02d9d2af98c045c407f0
District approved Ed law 2-d agreements: https://dpit.riconedpss.org/supplemental-information/02d9d2af98c045c705f4
District Ed law 2-d agreement tracker: https://docs.google.com/spreadsheets/d/1_nQzA5RrK_NTG0nVDWFkpujL80M0kzudJIy4BYO5FZI/edit#gid=0
Please note that not all listed vendors collect student data and therefore do not need to complete these agreements. In some cases, a vendor may be approved via Nassau BOCES or another RIC and therefore won't appear on our tracker or on the list of district-approved agreements.
If an app or software collects no PII, it can be used without signed Ed law 2-d documentation. As a general rule, this means teachers can ask students to use apps that students don't login to, or apps that utilize random usernames and passwords and do not retain data on students. In the vast majority of cases, non-compliant sites, apps, and software will include a notice on their legal page that states the site/app/software is not for use for students under 13. This is a pretty good sign they're collecting data from students, and teachers should not use the service.
Key data privacy software policies:
- Canvas
- Clever
- ClassLink
- Data privacy agreements
- HMH (includes Read180, System44, Ed Your Friend in Learning, etc.)
- McGraw Hill
- PowerSchool
-
Complaints should be directed to:
Information Technology Department
Jericho UFSD
99 Cedar Swamp Rd
Jericho, NY 11753OR
Complaints can be directed to the New York State Education Department online at NYSED Data Privacy
By mail:
Chief Privacy Officer New York State Education Department
89 Washington Avenue Albany, NY 12234Email: privacy@mail.nysed.gov
Telephone at 518-474-0937 -
A parent/guardian may deny their child independent access to the internet at any time by submitting a letter to the school. However, teacher-directed internet activities are part of our curriculum and not subject to parent/guardian authorization. Such activities may include the use of various online educational Web sites and services that may require students to set up individual user accounts, with the minimum required personal information, solely for the purpose of accessing such services in connection with approved classroom instruction. Unless a parent/guardian denies such access for their child, students will be permitted to set up their accounts, with the consent of their teachers, in accordance with the Children’s Online Privacy Protection Act.
-
The Family Educational Rights and Privacy Act (FERPA) gives parents and students age 18 and older rights over student education records. The Parents’ Bill of Rights for Data Privacy and Security(Open external link)provides you with additional rights, and Chancellor’s Regulation A-820 (Open external link) provides additional information.
Please note that if you are a student and age 18 or over, these rights belong to you, and not your parents or guardians.
Among other things, you have the right to:
- Inspect and review your child’s education records within 45 days after the DOE receives your request.
- You should submit a written request that identifies the record(s) you wish to inspect.
- Your child’s school will notify you of the time and place where you may inspect the records.
- Request changes to your child’s education records when you believe they are inaccurate, misleading, or violate your child’s privacy rights under FERPA.
- You should make requests to amend records in writing, and identify what you want changed and the reason for doing so.
- If the DOE decides not to amend records as requested, you will be notified of the decision, and of your right to a hearing and certain hearing procedures.
- Provide written consent before personally identifiable information in your child’s education records is disclosed. However, in certain cases, FERPA allows disclosure without consent. Cases permitting disclosure without consent include:
- Disclosure to school officials who need to review education records to fulfill their professional responsibilities. School officials include:
- DOE employees (such as administrators, supervisors, teachers, other instructors, or support staff members); and
- People whom the DOE engages to perform services or functions for which it would otherwise use its employees. These include (a) individuals and entities providing DOE services and functions through contracts, (b) employees of other government agencies providing DOE-related services or functions, such as attorneys in the NYC Law Department representing the DOE, and school nurses and Office of School Health staff employed by the NYC Department of Health and Mental Hygiene, (c) parents, students, or other volunteers assisting other school officials in performing their tasks, and (d) other qualifying individuals or organizations, such as consultants and community-based organizations, but only if they have agreed in writing to keep student information confidential. Such people are required to be under the direct control of the DOE with respect to the use and maintenance of personally identifiable information from education records. Direct control is achieved in various ways, including by written agreement.
- When records are requested by officials of another school, district or education institution in which your child seeks or plans to enroll, or is already enrolled if made for purposes of your child’s enrollment or transfer.
- Other exceptions exist that permit disclosure of personally identifiable information without consent include certain types of disclosures. Some are listed below. Most of these types of disclosures are subject to certain additional requirements and limitations. Please see FERPA and Chancellor’s Regulation A-820 for more information about them.
- to authorized representatives of government entities and officials in connection with audits, evaluations, or certain other activities;
- in connection with financial aid for which the student has applied or which the student has received;
- to organizations conducting studies for, or on behalf of, the NYCDOE;
- to accrediting organizations to carry out their accrediting functions;
- to parents of students age 18 and over if the student is a dependent for Internal Revenue Service (IRS) tax purposes;
- to comply with a judicial order or lawfully issued subpoena;
- to appropriate officials in connection with a health or safety emergency; and
- of information that the NYCDOE has designated as “directory information.”
- Disclosure to school officials who need to review education records to fulfill their professional responsibilities. School officials include:
- File a complaint with the USDOE if you believe the NYC DOE failed to comply with FERPA’s requirements. Complaints may be filed here:
Student Privacy Policy Office
U.S. Department of Education
400 Maryland Avenue
SW Washington, DC 20202-8520
or by email to FERPA.Complaints@ed.gov
- Inspect and review your child’s education records within 45 days after the DOE receives your request.
