Data Privacy & Security
This site is designed to provide parents & families with information and processes related to student data privacy and security in accordance with New York State Education Law 2D. This includes the Galway CSD Data Privacy and Security Policy, the Parent's Bill of Rights, Data Privacy Complaint Process and links to vendor contracts and assurances regarding the responsible use of your student's information.
Data Protection Officer
William E. Baker, Jr., Director of Technology & Data Protection Officer wbaker@galwaycsd.org (518) 882-1033 x 3297
Data Privacy and Security Policy
In January 2020, the NYSED Board of Regents adopted Part 121 of the Commissioner's Regulations for the Strengthening of Data Privacy & Security in NYS Educational Agencies to Protect Personally Identifiable Information (PII) pursuant to Education Law sections 2-d, 101, 207, and 305. The district policies were last revised on June 17, 2020.
The Galway CSD policies details specific privacy protections that ensure:
Every use and disclosure of personally identifiable information (PII) by Galway CSD shall benefit students and the Galway CSD, such as improve academic achievement; advance efficient and effective school operations; empower families and students with information;
Personally identifiable information (PII) shall not be included in public reports or documents;
Parents, legal guardians, and eligible students (students who are age 18 or older) are afforded all the protections, where applicable, under the Family Education Rights Privacy Act (FERPA) and the Individuals with Disabilities Act (IDEA) and the federal regulations for implementing those statutes;
Alignment with the National Institute for Standards & Technology (NIST) Cybersecurity Framework.
Annual training and notification for employees that handle student, teacher and/or principal PII.
Publication of the Galway CSD data security and privacy policy on its website for its community of stakeholders.
Galway CSD Data Data Privacy & Security Policy
Galway CSD BOE Policy # 5500: Student Records
Parent's Bill of Rights
The purpose of the Parents’ Bill of Rights is to provide information to parents, legal guardians, those in parental relation to students and eligible students (age 18 and older) about certain legal requirements that protect personally identifiable (PII) information pursuant to state and federal laws.
Third Party Vendor Contracts
Galway CSD may utilize vendors through paid contracted services and/or free services activated through individual user Terms of Service (click wrap) agreements for one or more technology services in the provision of its educational services. These include software, mobile or web applications, and/or web-based services.
For information about vendors that collect, process, store, or analyze personally identifiable student data or teacher/principal evaluation data within the district's programs & services:
Technology Vendors' Privacy Policies & Supplemental Agreements
Inventory of Student Data Collected by the New York State Education Department
As required by New York State Education law Section 2-d, NYSED publishes a list of the data elements that it collects from NYS school districts and the purpose of the data collection.
Complaint Procedures for Unauthorized Data Disclosure / Data Breach
Parents, legal guardians, eligible students (students who are at least 18 years of age or attending a post-secondary institution at any age), principals, teachers, and employees of an educational agency may file a complaint about a possible data breach or improper disclosure of student data and/or protected teacher or principal data.
To submit a complaint, please download & complete the Galway CSD Unauthorized Data Disclosure/Data Breach Form. Paper forms are also available in the district office.
Completed forms may be submitted by email to the Data Protection Officer, William E. Baker, Jr., Director of Technology & Data Protection Officer wbaker@galwaycsd.org, or forms may be given directly to the principal who will submit the form to Mr. Baker.
Mr. Baker, or assigned designee, will contact the complainant by phone or email to review the complaint, and initiate an investigation.
Investigations will be completed and finalized in a reasonable amount of time, typically, within 60 calendar days from the receipt of the complaint. In the event the investigation needs to extend beyond 60 days, due to extenuating circumstances, the complainant will be contacted to inform them of the delay and the expected timeline for completion.
Galway CSD will maintain a record of all complaints of data breaches or unauthorized releases of student/staff data & their disposition in accordance with applicable data retention policies, and report complaint reports & investigations as directed by NYS Ed Law 2d / Part 121 Regulations to the NYSED Chief Privacy Officer.
