New York Education Law §2-d, designed to protect student data, became effective in April 2015. The NYS Education Department (NYSED) has been working with an advisory group and has held statewide forums in order to receive input to develop implementing regulations. The proposed regulations were brought before the Board of Regents for discussion at their January 2019 meeting and following a comment period, were adopted in May 2019. The regulations are effective July 1, 2019.
The law and enacting regulations detail school district responsibilities for ensuring that student data is protected and that parents are afforded due process rights should breeches of student data privacy occur. One of the new requirements is that districts must designate one or more employees to serve as the educational agency’s data protection officer who will be responsible for implementing the policies and procedures required in Education Law 2-d and serve as the point of contact for data security.
Guidance, available here, was recently released by (NYSED) regarding the criteria for a district data security officer (DSO).