Skip To Main Content

Data Privacy and Security

Shawne Hunt - District Technology Facilitator, Data Privacy Officer

Hello!

In an effort to improve Ellicottville Central School District's network security and the privacy of our staff and students' personal identifiable information (PII) and our cyber security, New York State requires each school district to identify a Data Protection Officer (DPO). I assumed this position in July of 2024 and look forward to continually supporting the district's technology and privacy efforts.

First page of the PDF file: Ed_Law_2DProposedPart121OverviewDistrictRequirements_Charlie_King

Additionally, the district has been working to develop and maintain alignment with the National Institute of Standards and Technology (NIST) Cyber Security Framework which includes:

NIST Framework Chart

 

The links below will provide you with the policies and procedures the district has implemented in compliance with the law and framework.

If you have questions regarding data protection, please contact shunt(@)ecsny.org

Parent Bill of Rights

Supplemental Information - District Software

Statement of Policy 5676 - Privacy and Security For Student Data and Teacher and Principal Data/Parents Bill of Rights for Data Privacy and Security

The NYSSB/NYSSD are committed to maintaining the privacy and security of student data and teacher and administrator data and will follow all applicable laws and regulations for the handling and storage of this data in the NYSSB/NYSSD and when disclosing or releasing it to others, including, but not limited to, third-party contractors. The NYSSB/NYSSD adopts this policy to implement the requirements of Education Law Section 2-d and its implementing regulations, as well as to align the NYSSB/NYSSD's data privacy and security practices with the National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1). With regard to personnel and business practices, this procedure is intended to supplement current policy/procedures regarding PII.

Click the link below to review the policy in full.

ECSDPolicy5676PrivacySecurity.pdf

 

FERPA - Click for more information

 

District Data Privacy and Security Training

In year 1 of employment, all required faculty and staff members will complete the RICOne - Data Privacy and Security Awareness Training.

In year 2 of employment, all employees are required to complete the NYSIR training on phishing and email best practices.

In year 3+, employees will be trained throughout the school year at faculty meetings and staff development days by the Data Protection Officer, which will include a review of policies, procedures, best practices, and updates to the law and framework.