What is Education Law 2-D?
Education Law 2-D is a new section of NYS Education Law that was added in early 2020. This section covers various aspects of data privacy for school districts in New York State.
It identifies data that exists, how it’s handled, what you’re allowed to do with it, and defines additional security requirements. Education Law 2-D provides a clear description of student data and personally identifiable information (PII).
What are the Requirements of Education Law 2-D?
Education Law 2-D creates specific regulations and controls that school districts are required to abide by. According to the New York State Regional Information Centers and the Education Law 2-D/Part 121 of the Commissioner’s Regulations outline, schools must follow a multi-faceted approach to information governance, including:
The Protection of PII
PII for teachers, students, and principals must be protected.
Parent’s Bill of Rights for Data Privacy and Security
Districts must develop this bill of rights and publish it on their website, along with supplemental information regarding every agreement with a third-party contractor involving the disclosure of PII.
Data Protection Officer
It is mandatory to appoint a Data Protection Officer to oversee the execution of Education Law 2-D responsibilities.
It is also mandatory to have a complaint process, an incident reporting/notification process, annual employee training, and, most importantly, to map everything back to the NIST Cybersecurity Framework.
NIST CSF is a set of controls that governs aspects of the law. It is a risk management program that identifies 1) where there are risks within an organization and 2) the ability to respond to and prioritize those risks.
NIST is a comprehensive United States program that Sedara has been implementing in school districts for years.
The Sedara Approach to Education Law 2-D
Sedara has spent the last couple of years developing the Cybersecurity Development Program (CDP). A CDP encompasses controls such as NIST and is approachable, scalable, and specific for school districts to obtain and maintain compliance while keeping their data safe.
The method is designed to understand and factor in the needs, resources, and the existing operations of school districts.
Sedara’s CDP includes technical and non-technical approaches and is effective in keeping student data safe. This can include incident response, data loss, privacy controls, protection against ransomware, and much more.
CDP is not designed to replace an existing system. It is designed to augment the investments that have already been made and right-size a program that’s appropriate for a particular school district. CDP brings in the resources – both technical and non-technical – to help deliver on an ongoing basis, making it a cost-effective approach.
How Sedara Can Help
Sedara has worked with school districts all over New York State to help them protect the PII of students, teachers, and staff. We’re experienced with Education Law 2-D and can help make sure school districts are compliant.