This proposal outlines the implementation timeline for the Ed Law 2-d Data Security and Privacy Plan, which includes measures such as training, data protection officer designation, breach notification, and more.
Ed Law 2-d Agenda • Overview of Proposal Rule by Section • Implementation Issues • Timeline
Why is this important? • NYSCOSS Session Story • Phishing emails… • Newark Stats:
Critical Changes or Additions • Data Collection Transparency and Restrictions • Parents’ Bill of Rights • Parent Complaints of Breach or Unauthorized Release of Personally Identifiable Information • Data Privacy and Security Standards • Data Security and Privacy Plan • Training for Education Agency Employees • Data Protection Officer • Third Party Contractors • Rights of Parents and Eligible Students to Inspect and Review Students’ Education Records
Data Collection Transparency and Restrictions • Do not sell PII or disclose it for marketing or commercial purposes • Take steps to minimize the collection, processing and transmission of PII • Ensure that contracts with Third Party Providers are maintained and in accordance with Federal and State Law
National Institute of Standards and Technology Cybersecurity Framework is the Data Security and Privacy Standard for Educational Agencies
Data Security and Privacy Plan • Each Educational Agency that enters into a contract shall ensure that such contract includes a data security and privacy plan • Must outline how they will implement requirements • Includes a signed copy of Parents’ Bill of Rights • Includes a requirement that any employees of Third Party Contractors who have access to data have received training • Comply with Ed Law 2-d
Training for Educational Agency Employees • Educational Agencies shall provide annual training on information privacy and security awareness • Training can be either online or face to face
Data Protection Officer • Each Educational Agency must designate one or more employees • May be a current employee • Can perform additional job responsibilities
Reports and Notification of Breach and Unauthorized Release • Third party contractors shall notify Educational Agencies of any breach • Educational Agencies notify the Chief Privacy Officer (CPO) at NYSED no more than 10 calendar days • Educational Agencies must notify parents no more than 14 calendar days after discovery (unless notification would interfere with a law enforcement investigation) • Notification can be distributed by first class mail, email or telephone • CPO will process and investigate to determine further course of action either by Educational Agency, Law Enforcement or penalty to any Third Party