Data Privacy and Security Public Information

ABOUT US HOME

DISTRICT

CALENDAR

DEPARTMENTS

ATHLETICS

SCHOOLS

COMMUNITY

CONTACT US

Data Privacy Officer

Mr. Nicholas Damiani, Director of Technology
Phone: 518-643-6025

Student Data Protection

Managing student data safely is of utmost importance in the Peru Central School District. Student data encompasses a wide range of sensitive information, including personal details, academic records, and health records. Safeguarding this data ensures the privacy and confidentiality of students, fostering a sense of trust between the school, students, and their families.

Family Educational Rights and Privacy Act

Annual FERPA Notification
Annual Notice for Directory Information
FAQ Directory Information 6.10.25
A Parent Guide to the Family Educational Rights and Privacy Act (FERPA)

Parents Bill of Rights

A Parents’ Bill of Rights for Data Privacy and Security must be published on the website of each educational agency and must be included with every contract an educational agency enters into with a third-party contractor that receives personally identifiable information. The list below highlights required elements that must be included in the Parents’ Bill of Rights. To learn more about this requirement, agencies can review Part 121.3 of the Regulations and Section 3 of Education Law 2-d.

PeruCSD Parent’s Bill of Rights

Data Privacy and Security Overview & Policy

Part 121 of the Commissioner’s Regulations requires agencies to adopt a policy on data security and privacy by October 1, 2020.1 Additionally, the law requires agencies to publish the policy on the district’s website. To learn more about this requirement, review Part 121.5 of the Regulations.

PeruCSD Data Privacy Policy
PeruCSD Acceptable Use Policy

Personally Identifiable Information

Education Law Section 2-d and Part 121 of the Commissioner’s Regulations outline requirements for educational agencies and their third-party contractors to strengthen data privacy and security in order to protect student and annual professional performance review personally identifiable information.

PROTECTED STUDENT DATA The term “student” refers to any person attending or seeking to enroll in an educational agency, and the term “personally identifiable information” (“PII”) uses the definition provided in FERPA. The term PII includes, but is not limited to:

Student Name
Date of Birth
Parent Names
Photos
Video of Students
Student Email Address
Student Address
Student ID Number
Social Security Number
Student Medical Information
Special Education Information
Other Indirect Identifiers
Information that alone or in combination would allow a reasonable person to identify the student.

TEACHER AND PRINCIPAL DATA Personally identifiable information from the records of an educational agency relating to the annual professional performance reviews of classroom teachers or principals that is confidential and not subject to release under the provisions of Education Law §3012-c and §3012-d is subject to Education Law 2-d.

Third-Party Contract Agreement and Approved Vendor List

A third-party contractor is any person or entity, other than an educational agency, that receives student data or teacher or principal data from an educational agency pursuant to a contract or other agreement for purposes of providing services to such agency, including but not limited to data management, conducting studies, or evaluation of publicly funded programs. To learn more about this requirement, agencies can review Part 121.2, 121.3, 121.6, 121.9, and 121.10 of the Regulations.

Example of PeruCSD Third Party Contract
Approved Vendor and Software List
NERIC Approved Vendor and Software List
SDPC Resources

Unauthorized Disclosure Complaint Procedures

Parents, eligible students (students who are at least 18 years of age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data.

To submit a complaint, please download and complete the PeruCSD Unauthorized Data Disclosure/Data Breach Form. Paper forms are also available in the main office of each school and the District Office.
1. Completed forms may be submitted via email to the Data Protection Officer, Mr. Nicholas Damiani, at ndamiani@perucsd.org, or forms may be given directly to a building principal who will submit the form appropriately
The District assigned Data Privacy Officer will contact the complainant by phone, email, or through Parent Square to review the complaint and initiate an investigation.
Investigations will be completed and finalized as quickly as possible. All investigations should be completed within 60 calendar days from the receipt of the complaint. If an investigation will be extending beyond the 60-day window, the complainant will be contacted about the delay and provided with an updated timeline for completion.
The Peru Central School District will keep an updated record of all complaints of data breaches or unathorized releases of student/staff data & their dispositions in accordance with applicable data retention policies, and report complaint reports & investigations as directed by NYS Ed Law 2d / Part 121 Regulations to the NYSED Chief Privacy Officer.