Technology is an integral part of the teaching and learning experience in the Rocky Point Union Free School District. The ever-increasing availability of online teaching and learning resources comes with inherent risks and concerns regarding student data, privacy and student work. We as a district have a responsibility to ensure that student's data and privacy is adequately protected while using any online digital resource for school work. The Rocky Point Union Free School District is providing the following information/resources for parents, teachers, and the community so that they can better understand what student data is, how student data is collected and used and the laws and practices that the district adheres to in order to protect student data and privacy. 

If you have any questions or concerns regarding data privacy and security, please contact Mr. Reyes, Director of Technology and Data Protection Officer (DPO): 631.849.7081

Parent and Staff Information

• What do we mean by Student Data
• NYSED Fact Sheet for Parents
• NYSED How to Report an Improper Disclosure
• A Parent’s Guide to Student Data Privacy (FERPA/SHERPA)
• Protecting Student Privacy 101
• Rocky Point Parent Bill of Rights for Data Privacy and Security
• NYSED Parent Bill of Rights for Data Privacy and Security
• Inventory of Data Elements Collected by NYSED
• Data Security Practices for Educators
• Profile of a Data Privacy Officer
• NYSED Parent Data Dashboard (New November 2020)

The Rocky Point Union Free School District oversees a wide range of information about students. The district manages personally identifiable information (PII) about students in accordance with the federal laws known as FERPA and COPPA. More information regarding federal and state laws, district policies and guidelines that address technology use and student data privacy are listed below.

New York State Data Privacy and Security

• NYSED October 28, 2020 Memo Regarding Data Security and Privacy
• NYSED Data Security and Privacy Policy
• Ed Law 2D - Education Law § 2-d went into effect in April 2014. The focus of the statute was to foster privacy and security of personally identifiable information (PII) of students and certain PII related to classroom teachers and principals.
• Part 121 Amendment to Ed Law 2D Although the proposed regulations largely restate the requirements of Education Law § 2-d, there are new elements, including the adoption by the New York State Education Department of a data security and privacy standard, as was required by the statute. The Department will adopt the National Institute for Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (CSF or Framework).

Applicable Federal and State Laws that Impact Technology Use and Student Privacy

• Family Educational Rights and Privacy Act (FERPA)
• Children’s Online Privacy Protection Act (COPPA)
• Children’s Internet Protection Act (CIPA)
• Protection of Pupil Rights Amendment (PPRA)
• Individuals with Disabilities in Education Act (IDEA)

Rocky Point Union Free School District Policies and Guidelines for Student Data and Security | Technology Plan 2021-2025

• District Data Plan
• District Technology Plan 2021-2025
• Policy 3120: Acceptable Use Policy
• AUP Affidavit | Spanish Version
• Policy 7242: Student Directory Information
• Policy 5672: Information Security Breach and Notification
• Policy 5676: Privacy and Security for Student Data and Teacher and Principal Data
• Policy 7240: Student Records: Access and Challenge Under FERPA

Third Party Ed Law 2D Privacy Agreement

NSYED Model Data Privacy Agreement and Instructions for Third Party Vendors

The District will ensure that whenever it enters into a contract or other written agreement with a third-party contractor under which the third-party contractor will receive student data or teacher or principal data from the District, the contract or written agreement will include provisions requiring that confidentiality of shared student data or teacher or principal data be maintained in accordance with law, regulation, and District policy.

In addition, the District will ensure that the contract or written agreement includes the third-party contractor's data privacy and security plan that has been accepted by the District. The third-party contractor's data privacy and security plan must, at a minimum:

1. Outline how the third-party contractor will implement all state, federal, and local data privacy and security contract requirements over the life of the contract, consistent with District policy;
2. Specify the administrative, operational, and technical safeguards and practices the third-party contractor has in place to protect PII that it will receive under the contract;
3. Demonstrate that the third-party contractor complies with the requirements of 8 NYCRR Section 121.3(c);
4. Specify how officers or employees of the third-party contractor and its assignees who have access to student data or teacher or principal data receive or will receive training on the laws governing confidentiality of this data prior to receiving access;
5. Specify if the third-party contractor will utilize subcontractors and how it will manage those relationships and contracts to ensure PII is protected;
6. Specify how the third-party contractor will manage data privacy and security incidents that implicate PII including specifying any plans to identify breaches and unauthorized disclosures, and to promptly notify the District;
7. Describe whether, how, and when data will be returned to the District, transitioned to a successor contractor, at the District's option and direction, deleted or destroyed by the third-party contractor when the contract is terminated or expires; and
8. Include a signed copy of the Parents' Bill of Rights for Data Privacy and Security

Supplemental Ed Law 2D Agreements with Third Party Vendors

• BOCES Statewide Contracts and 2D Agreements (Rocky Point partners with ESBOCES to purchase many products--BOCES is responsible for the 2D agreements)
• Erie 1 BOCES Free Software Agreements
• Google Workspace Agreement
• Clever Agreement
• Mystery Science Agreement
• Google Opt In Agreement
• Savvas Agreement
• IXL Agreement
• Irvin Simon Photographers Agreement
• HMH Reading into Writing/HMH Go Math Agreement
• CODE HS Agreement
• Generation Genius Agreement
• Island Photography Agreement
• Noteflight Agreement
• OverDrive Sora Agreement
• Renaisannce Star Agreement
• Test Wizard Agreement
• eSchool Data Agreement (ESBOCES)
• nVision Agreement (ESBOCES)
• Frontline Agreement (ESBOCES)
• BookCreator Agreement
• Kami Agreement
• BE Publishing Agreement
• GoGuardian Agreement

Additional Resources

• National Center for Educational Services - Privacy Technical Assistance Center (PTAC)
• K12 Cyber Security Resource Center
• K12 Privacy & Security Blueprint
• The National School Board Association
• Student Data Privacy Pledge
• NYSED Legal Notices and Resources
• NIST Cybersecurity Framework