Bill of Rights for Data Privacy and Security (Parents' Bill of Rights)
To satisfy their responsibilities regarding the provision of education to students in pre-kindergarten through grade twelve, “educational agencies” (as defined below) in the State of New York collect and maintain certain personally identifiable information from the education records of their students. As part of the Common Core Implementation Reform Act, Education Law §2-d requires that each educational agency in the State of New York must develop a Parents’ Bill of Rights for Data Privacy and Security (Parents’ Bill of Rights). The Parents’ Bill of Rights must be published on the website of each educational agency, and must be included with every contract the educational agency enters into with a “third party contractor” (as defined below) where the third party contractor receives student data, or certain protected teacher/principal data related to Annual Professional Performance Reviews that is designated as confidential pursuant to Education Law §3012-c (“APPR data”).
The purpose of the Parents’ Bill of Rights is to inform parents (which also include legal guardians or persons in parental relation to a student, but generally not the parents of a student who is age eighteen or over) of the legal requirements regarding privacy, security and use of student data. In addition to the federal Family Educational Rights and Privacy Act (FERPA), Education Law §2-d provides important new protections for student data, and new remedies for breaches of the responsibility to maintain the security and confidentiality of such data.