Data Privacy and Security

  • In order to conduct a successful education program, the district receives, creates, stores and transfers information about students, teachers and principals that is protected by state and federal law. The district takes active steps to protect the confidentiality of protected information in compliance with all applicable state and federal laws. The district expects all District officers, employees, and partners to maintain the confidentiality of protected information in accordance with state and federal law and all applicable Board Policies.


    District policy on prviacy and security

  • Data Protection Officer

    Mrs. Laura Dutton

    Phone: 315-826-0203

  • Parents' Bill of Rights

    Poland Central School District uses current technology, including electronic storage, retrieval, and analysis of information about students’
    education experience in the District, to enhance opportunities for learning and to increase efficiency of our operations.
    To assist in meeting legal requirements for maintaining privacy and security of protected student data and protected principal and teacher
    data, including Section 2-d of New York State Education Law, the District has posted this Parents Bill of Rights for Data Privacy and

    Poland Central School District
    Parents’ Bill of Rights for Data Privacy and Security

    1. A student’s personally identifiable information cannot be sold or released for any commercial purposes.
    2. Parents have the right to inspect and review the complete contents of their child’s education record. The
      procedures for exercising this right can be found in the Poland Central School Policy, No. 7500.
    3. State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated
      with industry standards and best practices, including but not limited to, encryption, firewalls, and password
      protection, must be in place when data is stored or transferred.
    4. A complete list of all student data elements collected by the State is listed at
      security/student-data-inventory and may also be obtained by writing to the Office of Information & Reporting Services, New York State Education Dept., Room 863 EBA, 89 Washington Avenue, Albany, NY 12234.
    5. Parents have the right to have complaints about possible breaches of student data addressed.
    • Parents may make a written report of a possible breach of student data to the Poland Central School District
      Data Protection Officer by submitting the Unauthorized Release of Student Data Complaint Form. The form may
      be found by clicking HERE, searching our policy manual for Regulation 5305.1, or calling District Office at 315-
      826-0203. The NYS Security Breach Reporting Form should be mailed or delivered to the Poland CSD Data
      Protection Officer, Attn: Superintendent of Schools, 74 Cold Brook Street, Poland, New York 13431.
    • Complaints may also be directed in writing to the Chief Privacy Officer, New York State Education Department,
      Room 863 EBA, 89 Washington Avenue, Albany, New York 12234.


    Supplemental Information about Third Party Contracts

    We are compiling the following information about each agreement between Poland CSD and an outside party that receives protected student data, or protected principal or teacher data, from BOCES or a participating school district: (1) the exclusive purposes for which the data will be used, (2) how the contractor will ensure that any subcontractors it uses will abide by data protection and security requirements, (3) when the contract expires and what happens to the data at that time, (4) if and how an affected party can challenge the accuracy of the data that is collected, (5) where the data will be stored, and (6) the security protections taken to ensure the data will be protected, including whether the data will be encrypted.
    For information about contracts, please call District Office at 315-8260-0203 or email

  • FERPA Notice

    Poland Central School District is required to annually notify parents of their rights under FERPA; that information can be found in our FERPA Notification Policy. Under FERPA, the District may identify certain data elements as Directory Information, which may be disclosed without obtaining prior parental consent. Parents are provided with the opportunity to opt out of certain Directory Information disclosures by filling out the form HERE. The data identified as Directory Information by our BOCES is:

    • student’s name
    • address
    • telephone number
    • email address
    • date and place of birth
    • name of the student’s parents
    • student’s home school district
    • student’s class designation
    • participation in extracurricular activities
    • dates of attendance
    • student’s achievement awards and honors
    • most recent previous educational agency attended by the student.
    • photographs
    • audio recordings
    • video images of students (with or without sound) engaged in routine activities.


    Additional FERPA Form Links: Inspection of Student RecordsCorrection of Student Records

  • District Software Inventory

    We are working on getting you all access to a tool provided by RICOne that we will be able to display our software inventory and their 2-D contract information with one Hyperlink. We will be sure to reach out once your access is granted. 

  • Breach or Unauthorized Release of Student Data Complaints

    The Poland Central School District is dedicated to the protection of student data and to maintaining data security and privacy across the district. If you believe that a breach or unauthorized disclosure of student personally identifiable information has occurred, please complete this form [need to confirm form from Mrs. Dutton] and submit it in person to our Data Protection Officer, Mrs. Laura Dutton. Any parent, eligible student (students who are at least 18 years of age or attending a postsecondary institution at any age), principal, teacher or employee of an educational agency may file a complaint. A complaint can also be submitted to the New York State Chief Privacy Officer using this online form.

  • Federal Laws that Protect Student Data

    Education Law 2-D (click on link to download)

    Provides guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and annual professional performance review data.

    Part 121 of the Regulations of the Commissioner of Education (click on link to download)

    The Board of Regents adopted Part 121 of the Regulations of the Commissioner of Education on January 13, 2020. These rules implement Education Law Section 2-D.

    Family Educational Rights and Privacy Act (FERPA) (click on link to download)

    The foundational federal law on the privacy of students’ educational records, FERPA, safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.

    Protection of Pupil Rights Amendment (PPRA) (click on link to download)

    PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis and evaluations funded by the U.S. Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.

    Children's Online Privacy Protection Rule (COPPA) (click on link to download)

    COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.