Computer Network Use Policy
Technology for Education
To view the district’s computer network policy, click here. For any questions, please see your building principal.
Parents’ Bill of Rights for Student Data Privacy and Security
The Voorheesville Central School District, in recognition of the risk of identity theft and unwarranted invasion of privacy, affirms its commitment to safeguarding student personally identifiable information (PII) in educational records from unauthorized access or disclosure in accordance with State and Federal law. The Voorheesville Central School District establishes the following parental bill of rights:
- Student PII will be collected and disclosed only as necessary to achieve educational purposes in accordance with State and Federal Law.
- A student’s personally identifiable information cannot be sold or released for any marketing or commercial purposes by the district or any a third party contractor. The district will not sell student personally identifiable information and will not release it for marketing or commercial purposes, other than directory information released by the district in accordance with district policy;
- Parents have the right to inspect and review the complete contents of their child’s education record (for more information about how to exercise this right, see 5500-R);
- State and federal laws, such as NYS Education Law §2-d and the Family Educational Rights and Privacy Act, protect the confidentiality of students’ personally identifiable information. Safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred;
- A complete list of all student data elements collected by the State Education Department is available for public review at http://nysed.gov.data-privacy-security or by writing to: Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234
- Parents have the right to have complaints about possible breaches and unauthorized disclosures of student data addressed. Complaints should be directed to the Data Protection Officer at 432 New Salem Road, Voorheesville, NY 12186. Complaints can also be directed to the New York State Education Department using the improper disclosure form. You can also make a complaint by mailing the Chief Privacy Officer at the New York State Education Department, 89 Washington Avenue, Albany, NY 12234, by emailing email@example.com or calling 518-474-0937.
- Parents have the right to be notified in accordance to applicable laws and regulations if a breach or unauthorized release of their student’s PII occurs.
- Parents can expect that educational agency workers who handle PII will receive annual training on applicable federal and state laws, regulations, educational agency’s policies and safeguards which will be in alignment with industry standards and best practices to protect PII.
In the event that the District engages a third party provider to deliver student educational services, the contractor or subcontractors will be obligated to adhere to State and Federal Laws to safeguard student PII. Parents can request information about third party contractors by contacting the district office.
Each third-party contractor that will receive student data or teacher or principal data must:
- adopt technologies, safeguards and practices that align with the NIST CSF;
- limit internal access to PII to only those employees or sub-contractors that need access to provide the contracted services;
- not use the PII for any purpose not explicitly authorized in its contract;
- not disclose any PII to any other party without the prior written consent of the parent or eligible student (i.e., students who are eighteen years old or older):
- except for authorized representatives of the third-party contractor to the extent they are carrying out the contract; or
- unless required by statute or court order and the third party contractor provides notice of disclosure to the district, unless expressly prohibited.
- maintain reasonable administrative, technical and physical safeguards to protect the security, confidentiality and integrity of PII in its custody;
- use encryption to protect PII in its custody; and
- not sell, use, or disclose PII for any marketing or commercial purpose, facilitate its use or disclosure by others for marketing or commercial purpose, or permit another party to do so. Third party contractors may release PII to subcontractors engaged to perform the contractor’s obligations, but such subcontractors must abide by data protection obligations of state and federal law, and the contract with the district.
If the third-party contractor has a breach or unauthorized release of PII, it will promptly notify the district in the most expedient way possible without unreasonable delay but no more than seven calendar days after the breach’s discovery.
Third-Party Contractors’ Data Security and Privacy Plan
The district will ensure that contracts with all third-party contractors include the third-party contractor’s data security and privacy plan. This plan must be accepted by the district.
At a minimum, each plan will:
- outline how all state, federal, and local data security and privacy contract requirements over the life of the contract will be met, consistent with this policy;
- specify the safeguards and practices it has in place to protect PII;
- demonstrate that it complies with the requirements of Section 121.3(c) of this Part;
- specify how those who have access to student and/or teacher or principal data receive or will receive training on the federal and state laws governing confidentiality of such data prior to receiving access;
- specify if the third-party contractor will utilize sub-contractors and how it will manage those relationships and contracts to ensure personally identifiable information is protected;
- specify how the third-party contractor will manage data security and privacy incidents that implicate personally identifiable information including specifying any plans to identify breaches and unauthorized disclosures, and to promptly notify the district;
- describe if, how and when data will be returned to the district, transitioned to a successor contractor, at the district’s direction, deleted or destroyed by the third-party contractor when the contract is terminated or expires.