Data Security & Privacy

Data Security & Privacy

Ed Law 2-D & Data Privacy and Security

New York State Education Law 2-d Part 121 of the Commissioner's Regulations requires that each education agency shall publish their Data Security and Privacy Policy and their Parent's Bill of Rights for Data Privacy and Security.

The law also requires that with each contract an educational agency enters with a third-party contractor, that received personally identifiable information (PII), must contain a signed bill of rights and supplemental information.  In turn, each educational agency will have to publish, on its website, the signed parent's bill of rights and supplemental information to the bill of rights for each software contract.

Data Security and Privacy Policy

OACS Unauthorized Disclosure Complaint Form
Unauthorized Disclosure Complaint Form

Student(s), Eligible Student(s), Parent(s), Teacher(s) or Principals and other OACS staff who have information indicating there has been a Breach or Unauthorized Disclosure of Protected Data may report that information to the Data Protection Officer, or DPO, by completing the form below.

Additional Information:
After submitting the form, the DPO will promptly acknowledge receipt of the report within 24 hours.

When the factfinding process is complete, the DPO will provide the reporting party with the findings made at the conclusion of the factfinding process; this should occur no later than 60 days after the receipt of the initial report, and, if additional time is needed, the reporting party shall be given a written explanation within the 60 days that includes the approximate date when the findings will be available.

Please note that OACS shall maintain a record of each report received of a possible Breach or Unauthorized Disclosure, the steps taken to investigate the report, and the findings resulting from the investigation in accordance with the applicable record retention policies.

First Name:
Last Name:
Phone Number:


To validate your submission, please answer the following math problem:

captcha math problem

Data Protection Officer (DPO)

Name:  Jenny Davis

Related Links

RIC One District Data Privacy Inventory Tool

Ric One is comprised on 12 Regional Information Centers in New York State.  These RICs work together with the State Education Department of develop and provide services to school districts.  The RIC One Date Privacy and Security (DPS) initiative supports district compliance with New York State's Common Core Reform Act, Education Law 2-d and Part 121 Regulations.  One of the items created to help assist districts was the Data Privacy Inventory Tool or DPIT.

The Data Privacy Inventory Tool compiles a list of district software as required by Education Law 2-d Part 121 Regulations.  It provides a means for sharing our parent's bill of rights, supplemental information and compliance with components of the NIST Cybersecurity Framework.

Key Categories of the Data Privacy Inventory Tool

Contract Source:  How the software product is procured:  either BOCES, District, or District - Free
Supporting Documentation:  Document links or attachments to signed parent's bill of rights and supplemental information

Note:  Information posted in the data privacy inventory tool is continually updated.

View text-based website