Parent's Information for Data Security and Privacy
New York State Education Law gives you the right to information about how CiTi BOCES is safeguarding student and staff data.
- CiTi-Approved Software and Subscriptions
- Data Inventory
- NYSITCC ED Law Free
- NYSITCC ED Law 2D Documents
- NYS Security Breach Reporting Form
- OCM SLS Agreements
- Parent's Bill of Rights
- Protection of Pupil Rights Amendment (PPRA)
- What is PPRA?
Directory Information for CiTi can be found in the following polices:
- 6320, Student Records: Access and Challenge (directory information)
- 6491, Military Recruiters’ Access to Students (access to records by military)
- 6490, Student privacy, parental access to information and administrator of certain physical examinations to minors (opt out language and procedure)
Notification of Specific Events
The District will notify the New York State Attorney General (AG), the New York State Department Consumer Protection Board (CPB) and the New York State Office of Cyber Security (OCS), as required by law. All affected individuals must be notified of the breach if their compromised data meets the classifications described in law. The District may delay notification of affected individuals if law enforcement determines that notification may impede a criminal investigation.
The required notice shall be directly provided to the affected persons by one of the following methods:
- Written notice;
- Electronic notice, provided that the person to whom notice is required has expressly consented to receiving the notice in electronic form; and a log of each such notification is kept by the District when notifying affected persons in electronic form. However, in no case shall the District require a person to consent to accepting such notice in electronic form as a condition of establishing any business relationship or engaging in any transaction;
- Telephone notification, provided that a log of each such notification is kept by the District when notifying affected persons by phone; or
- Substitute notice, if the District demonstrates to the State Attorney General that the cost of providing notice would exceed $250,000, or that the affected class of subject persons to be notified exceeds $500,000, or that the District does not have sufficient contact information. Substitute notice shall consist of all of the following:
- Email notice when the District has an email address for the subject persons;
- Conspicuous posting of the notice on the District's website page, if the District maintains one; and
- Notification to major statewide media.
Regardless of the method of which notice is provided, a notification must include:
- Contact information for the District official handling the notification;
- A description of the categories of information that were, or are reasonably believed to have been, acquired without authorization; and
- Details on which elements of personal and private information were, or are reasonably believed to have been, so acquired.
The New York State Office of Cyber Security will be informed as to the timing, content and distribution of the notices and the approximate number of affected persons. The Attorney General and the Division of Consumer Protection should also be informed of these notices to affected persons. Refer to Form #5672 -- New York State Security Breach Reporting Form for contact information, addresses and notification guidelines.
If at any time CiTi learns that student and/or teacher/principal data has been compromised, parents and guardians will be notified, and the data breach will be reported to the New York State Education Department.
Parents who have concerns or complaints about data privacy or security may file a complaint by contacting our data protection officer at 315.963.4425 or kfoland@CiTiboces.org.