Data Security and Privacy
Technology is an integral part of the teaching and learning experience in the Quogue Union Free School District. The ever-increasing availability of online teaching and learning resources comes with inherent risks and concerns regarding student data, privacy, and student work. We as a district have a responsibility to ensure that student's data and privacy are adequately protected while using any online digital resource for school work. The Quogue Union Free School District is providing the following information/resources for parents, teachers, and the community so that they can better understand what student data is, how student data is collected and used, and the laws and practices that the district adheres to in order to protect student data and privacy.
If you have any questions or concerns regarding data privacy and security, please contact
Michael Zuccaro, Assistant to the Superintendant and Data Protection Officer (DPO).
Phone: 631.653.4285 x503
Parent and Staff Information
- What is Student Data?
- NYSED How to Report an Improper Disclosure
- A Parents Guide to Student Data Privacy (FERPA/SHERPA)
- Protecting Student Privacy
- Parents Bill of Rights for Data Privacy and Security
- NYSED Parents Bill of Rights for Data Privacy and Security
- Inventory of Data Elements Collected by NYSED
- Data Security Practices for Educators
- NYSED Parent Data Dashboard
The Quogue Union Free School District oversees a wide range of information about students. The district manages personally identifiable information (PII) about students in accordance with the federal laws known as FERPA and COPPA. More information regarding federal and state laws, district policies, and guidelines that address technology use and student data privacy are listed below.
New York State Data Privacy and Security
- NYSED October 28, 2020 Memo Regarding Data Security and Privacy
- Ed Law 2D - Education Law § 2-d went into effect in April 2014. The focus of the statute was to foster privacy and security of personally identifiable information (PII) of students and certain PII related to classroom teachers and principals.
- Part 121 Amendment to Ed Law 2D- Although the proposed regulations largely restate the requirements of Education Law § 2-d, there are new elements, including the adoption by the New York State Education Department of a data security and privacy standard, as was required by the statute. The Department will adopt the National Institute for Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (CSF or Framework).
Applicable Federal and State Laws that Impact Technology Use and Student Privacy
- Family Educational Rights and Privacy Act (FERPA)
- Children’s Online Privacy Protection Act (COPPA)
- Children’s Internet Protection Act (CIPA)
- Protection of Pupil Rights Amendment (PPRA)
- Individuals with Disabilities in Education Act (IDEA)
Quogue Union Free School District Policies and Guidelines for Student Data and Security
Third-Party Ed Law 2D Privacy Agreement
NSYED Model Data Privacy Agreement and Instructions for Third-Party Vendors
The District will ensure that whenever it enters into a contract or other written agreement with a third-party contractor under which the third-party contractor will receive student data or teacher or principal data from the District, the contract or written agreement will include provisions requiring that confidentiality of shared student data or teacher or principal data be maintained in accordance with the law, regulation, and District policy.
In addition, the District will ensure that the contract or written agreement includes the third-party contractor's data privacy and security plan that has been accepted by the District. The third-party contractor's data privacy and security plan must, at a minimum:
- Outline how the third-party contractor will implement all state, federal, and local data privacy and security contract requirements over the life of the contract, consistent with District policy;
- Specify the administrative, operational, and technical safeguards and practices the third-party contractor has in place to protect PII that it will receive under the contract;
- Demonstrate that the third-party contractor complies with the requirements of 8 NYCRR Section 121.3(c);
- Specify how officers or employees of the third-party contractor and its assignees who have access to student data or teacher or principal data receive or will receive training on the laws governing the confidentiality of this data prior to receiving access;
- Specify if the third-party contractor will utilize subcontractors and how it will manage those relationships and contracts to ensure PII is protected;
- Specify how the third-party contractor will manage data privacy and security incidents that implicate PII including specifying any plans to identify breaches and unauthorized disclosures and to promptly notify the District;
- Describe whether, how, and when data will be returned to the District, transitioned to a successor contractor, at the District's option and direction, deleted or destroyed by the third-party contractor when the contract is terminated or expires; and
- Include a signed copy of the Parents' Bill of Rights for Data Privacy and Security
Supplemental Ed Law 2D Agreements with Third-Party Vendors
- Google Workspace Agreement
- McGraw Hill
- QuaverEd Inc.
- Starfall Education Foundation
- Irvin Simon
- Tools of the Mind
- Allied Universal Security Services
- Typing Agent
- Follet Destiny
- Additional Info Coming Soon
Supplemental Ed Law 2D Agreements with Third-Party Vendors Through Regional BOCES CoSer Agreements
- Blackboard Connect
- IEP Direct