Part 121 of the Regulations of the Commissioner of Education

Strengthening Data Privacy and Security in NY State Educational Agencies to Protect Personally Identifiable Information

The Board of Regents adopted Part 121 of the Regulations of the Commissioner of Education on January 13, 2020. These rules implement Education Law Section 2-d and provide guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and annual professional performance review (APPR) data. The regulation, which went through multiple revisions and three rounds of public comments, became effective on January 29, 2020.  It applies to both charter and traditional public schools, as well as Chapter 853 Schools, Universal Prekindergarten Programs authorized pursuant to Education Law § 3602-e, Special Act School Districts as defined in Education Law § 4001, approved preschool special education services, any other publicly funded pre-kindergarten program, state-supported schools subject to the provisions of Education Law Article 85, state-operated schools subject to Education Law Article 87 or 88, each Board of Cooperative Educational Services, and the State Education Department. We thank the members of the Data Privacy Advisory Council, implementation planning and drafting workgroups that supported the Department’s Chief Privacy Officer through this process.