As a parent, you may be aware the New York State Education Department is making a stronger push to monitor the efficacy of school districts in meeting the mandates set forth by part 121 of Education Law 2-D. These actions are being taken by the State to ensure that student (and some teacher) data privacy is being regarded with the utmost security, both in-district and by any approved third parties.

This page contains the four mandatory items that should be hosted on the district’s website, in addition to four elements that, while not required by the law, are recommended to include for the benefit of the public. To view any of these elements, please click on the respective link(s) below.

For more information, please reach out to the Lansing Central School District's Data Protection Officer:

Michael Lockwood
Director of Informational and Instructional Technology
Lansing Central School District
284 Ridge Road
Lansing, NY 14882
Office: 607-533-3020 x4444
Michael Lockwood

Parents' Bill of Rights

• The District is required to post the Parents' Bill of Rights.

FERPA

• Click here to review our FERPA policy.

• Click here for the Image Opt-Out Information.

Third Party Info

• An inventory/list of third parties who have access to student data.

Directory Info

• Release of Directory Information

Data Security and Privacy Policy

• Click here for the District's Data Security and Privacy Policy.

PPRA

• The Protection of Pupil Rights Amendment

Unauthorized Disclosure Procedure

• Details how stakeholders are notified of a potential data incident/breach.

PPRA Additional Events

• Details how districts notify parents of additional events not originally covered in an initial (annual) PPRA notification.

Release of Directory Information to Military Recruiters and Institutions of Higher Learning

Pursuant to the No Child Left Behind Act, the District must disclose to military recruiters and institutions of higher learning, upon request, the names, addresses and telephone numbers of high school students. The District must also notify parents of their right and the right of their child to request that the District not release such information without prior written parental consent. Those parents who do not want the above information released to military recruiters and/or institutions of higher learning must notify the LHS Student Services in writing by September 30 of the current school year by filling out the Opt-Out form.

Notification

The District will notify the New York State Attorney General (AG), the New York State Department Consumer Protection Board (CPB) and the New York State Office of Cyber Security (OCS), as required by law. All affected individuals must be notified of the breach if their compromised data meets the classifications described in law. The District may delay notification of affected individuals if law enforcement determines that notification may impede a criminal investigation.

The required notice shall be directly provided to the affected persons by one of the following methods:

1. Written notice;

2. Electronic notice, provided that the person to whom notice is required has expressly consented to receiving the notice in electronic form; and a log of each such notification is kept by the District when notifying affected persons in electronic form. However, in no case shall the District require a person to consent to accepting such notice in electronic form as a condition of establishing any business relationship or engaging in any transaction;

3. Telephone notification, provided that a log of each such notification is kept by the District when notifying affected persons by phone; or

4. Substitute notice, if the District demonstrates to the State Attorney General that the cost of providing notice would exceed $250,000, or that the affected class of subject persons to be notified exceeds $500,000, or that the District does not have sufficient contact information. Substitute notice shall consist of all of the following:

   1. Email notice when the District has an email address for the subject persons;

   2. Conspicuous posting of the notice on the District's website page, if the District maintains one; and

   3. Notification to major statewide media.

Regardless of the method of which notice is provided, a notification must include:

1. Contact information for the District official handling the notification;

2. A description of the categories of information that were, or are reasonably believed to have been, acquired without authorization; and

3. Details on which elements of personal and private information were, or are reasonably believed to have been, so acquired.

The New York State Office of Cyber Security will be informed as to the timing, content and distribution of the notices and the approximate number of affected persons. The Attorney General and the Division of Consumer Protection should also be informed of these notices to affected persons. Refer to Form #5672 -- New York State Security Breach Reporting Form for contact information, addresses and notification guidelines.