Data Privacy and Security Resources

At Indian River Central School District (IRCSD), we strive to provide the highest quality education to your child. In doing so, we collect and utilize data in a variety of ways to provide learning resources, measure student progress, tailor learning strategies, make operational decisions, and meet state and federal reporting requirements, just to name a few.

This data, when collected and utilized appropriately by our skilled team of educators, can be a powerful tool to enhance your child’s educational experience. Knowing the level of impact this information can have, our district puts a heavy focus on its protection and your child’s privacy. We have made significant investments in both time and resources to implement a quality, modern cybersecurity program, leveraging the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

We have provided this page to give parents and members of our school community greater insight into how we utilize student information, make you aware of your rights, and hopefully simplify a complex space. Our Data Protection Officer is always available to help with any questions you may have.

You may also view our district’s Data Security and Privacy Policy HERE for more details.

Data Protection Officer
DPO Sarah Matteson

Sarah Matteson Assistant Superintendent 315-642-3441 sarahmatteson@ircsd.org

Our district’s data protection officer is responsible for the overall implementation of our data privacy and security program and communication with our district community with any necessary information in this space. One of our main objectives at IRCSD is to ensure the safety and security of our students’ personal information.

Parents' Rights

Parents’ rights with regard to the disclosure and utilization of their child’s information are identified primarily in the following statutes:

  • Federal Educational Rights and Privacy Act (FERPA), which can be viewed HERE

  • New York State Education Law Section 2-d (NYS Ed Law 2-d), which can be viewed HERE and its associated NYSED Part 121 Regulations, which can be viewed HERE

IRCSD is required to annually notify parents of their rights under FERPA; that information can be found in our FERPA Notification Policy HERE. Under FERPA, IRCSD may identify certain data elements as Directory Information, which may be disclosed without obtaining prior parental consent. Parents are provided with the opportunity to opt out of certain Directory Information disclosures by filling out the form HERE. The data identified as Directory Information by IRCSD is:

  • Student's name, address, telephone number

  • Student's date and place of birth

  • Student's major course of study

  • Student's participation in school activities or sports

  • Student's weight and height if a member of a sports team

  • Student's date of attendance

  • Student's degree and awards received

  • Student's most recent school attended

  • Student's class schedule

  • Student's photograph/video

  • Student's email address

  • Student's class roster

Additional FERPA Links: Inspection of Student Records, Correction of Student Records

The IRCSD Student Records Policy can be found HERE.

NYS Ed Law 2-d requires educational agencies to adopt and share with parents their rights under the law, otherwise known as the Parents’ Bill of Rights, which can be viewed HERE.

Unauthorized Disclosure Reporting

In the event of an incident involving the unauthorized disclosure of student Personally Identifiable Information (PII), the District is required to notify the New York State Education Department’s Chief Privacy Officer within 10 days and affected parents, eligible students, and/or teachers within 60 days.

Should the District become aware of the unauthorized disclosure of student information affecting your child, you can expect to receive notification from IRCSD containing the following information:

  • A description of the unauthorized release

  • Dates of the incident

  • Date of discovery of the incident

  • Description of the types of PII affected

  • Description of the agency’s investigation

  • Contact information for further assistance

Parents, eligible students (students who are at least 18 years of age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data. Complaints may be made directly to our Data Protection Officer by utilizing the form found HERE.

All complaints of this nature are taken seriously by our District and will be investigated as immediately and thoroughly as possible.

Individuals may always wish to file a complaint directly with the New York State Education Department’s Chief Privacy Officer and can do so HERE.

Software Inventory and Supplemental Information

Third-party contractors who receive student information must abide by certain identified measures to support the protection of student privacy. IRCSD posts an inventory of our contractors that collect/process student information along with Supplemental Information for each of these contracts. Supplemental Information can be viewed HERE and includes the following information.

  • Exclusive purpose for data use

  • Subcontractor management processes

  • Contract duration

  • Data destruction practices

  • Data accuracy challenge procedures

  • Data storage / processing locations

  • Security protections in place

  • Encryption practices

Please note, where a contractor or information system is listed in our inventory and no supplemental information is displayed, IRCSD is in the process of pursuing the necessary contract language with that entity.

Other Applicable Laws

In addition to FERPA and NYS Ed Law 2-d, the following statutes also govern our activities with regard to student and other sensitive information protection:

Protection of Pupil Rights Amendment (PPRA) - PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used. Our PPRA opt-out letter can be found HERE.

Children's Online Privacy Protection Rule (COPPA) - COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Office of Information Technology Services (NYS Technology Law) - NYS Technology Law establishes the Office of Information technology services to strategically manage the planning and development of technological resources in conjunction with state and local government agencies. NYS Technology Law also includes specific provisions for the use of biometric identifying technology in schools pending additional research by the NYS Education Department.