Gary Stern reports:
The state Education Department has produced a last-minute, preliminary “parents’ bill of rights” on the use and security of student data – hours before a legally imposed deadline to do so.
Ken Wagner, deputy education commissioner, sent an email to superintendents and other education officials on Tuesday evening alerting them that a bill of rights had been posted online.
The Journal News reported last week that the department was unlikely to meet its July 29 deadline, set by lawmakers in the state budget. The report also said that school districts were concerned that they might be forced to write their own bills to comply with state law.
Read more on LoHud.
You can read the bill of rights here (pdf). As suggested by Stern’s reporting, it’s not particularly helpful other than as a cursory recap of state and federal law. Indeed, it does not even seem to mention I.D.E.A., which the state enforces, and which also incorporates some privacy and confidentiality provisions. Nor does it really spell out any meaningful data security practices for districts and BOCES that would point them to a source for industry standards, saying only:
State and federal laws protect the confidentiality of PII, and safeguards associated with industry standards and best practices, including, but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
Those standards and more details will supposedly come after a CPO is appointed.
The only thing the bill of rights is crystal clear about is that NYS law does not create a private cause of action for violations.