BOE Policy #5674: DATA NETWORKS AND SECURITY ACCESS

The District values the protection of private information of individuals in accordance with applicable law, regulations, and best practice. Accordingly, District officials and Information Technology (IT) staff will plan, implement, and monitor IT security mechanisms, procedures, and technologies necessary to prevent improper or illegal disclosure, modification, or denial of sensitive information in the District Computer System (DCS). Similarly, such IT mechanisms and procedures will also be implemented in order to safeguard District technology resources, including computer hardware and software. District network administrators may review District computers to maintain system integrity and to ensure that individuals are using the system responsibly. Users should not expect that anything stored on school computers or networks will be private. In order to achieve the objectives of this policy, the Board entrusts the Superintendent, or his or her designee, to:

1. Inventory and classify personal, private, and sensitive information on the DCS to protect the confidentiality, integrity, and availability of information;
2. Develop password standards for all users;
3. Ensure that the "audit trail" function is enabled within the District's network operating system, which will allow the District to determine on a constant basis who is accessing the DCS, and establish procedures for periodically reviewing such audit trails;
4. Develop procedures to control physical access to computer facilities, data rooms, systems, networks, and data to only authorized individuals;
5. Establish procedures for tagging new purchases as they occur, relocating assets, updating the inventory list, performing periodic physical inventories, and investigating any differences in an effort to prevent unauthorized and/or malicious access to these assets;
6. Periodically audit user access rights to the overall networked computer system and to specific software applications and ensure that users are given access based on, and necessary for, their job duties;
7. Verify that laptop computer systems assigned to teachers and administrators use full-disk encryption software to protect against loss of sensitive data;
8. Deploy software to servers and workstations to identify and eradicate malicious software attacks such as viruses and malware;
9. Develop a disaster recovery plan appropriate for the size and complexity of District IT operations to ensure continuous critical IT services in the event of any sudden, catastrophic event, including, but not limited to fire, computer virus or deliberate or inadvertent employee action.

Ed Law 2D Requirements

Education Law 2-d and Part 121 of the Commissioner of Education's Regulations require NYS educational agencies to publish certain information on their websites. Please note direct links to NCSD documents/PDFs are not posted because updates may result in broken/error links, which may violate the Americans with Disabilities Act.

• Parents Bill of Rights

Education Law 2-d requires each NYS educational agency to develop/publish a Parents’ Bill of Rights for Data Privacy and Security. The purpose is to provide information to parents/guardians and eligible students about certain legal requirements that protect personally identifiable information pursuant to state and federal laws. The NCSD Parents' Bill of Rights is available by clicking the title link. 

• Data Privacy and Security Policy

Education Law 2-d requires each NYS educational agency to publish its Data Privacy and Security Policy. NCSD’s policy is published as the introduction to this webpage (at left) and is listed in the link above as “5674 - Data Networks and Security Access.”

• Supplemental Info for Contracts

Education Law 2-d requires each NYS educational agency to post supplemental information for each contract where a third-party contractor receives student data and/or teacher or principal data from NCSD. A list of contracts to which this applies is available by clicking the title link.