Tonawanda City School District is committed to protecting the privacy and security of every student’s data.

Education Law 2-D is a new section to NYS Education Law that was added in early 2020. This section covers various aspects of data privacy for school districts in New York State.

It identifies data that exists, how it’s handled, what you’re allowed to do with it, and defines additional security requirements. Education Law 2-D provides a clear description of student data and personally identifiable information (PII).

Education Law § 2-d requires each educational agency in the State of New York to develop a Parents’ Bill of Rights for Data Privacy and Security

The law also requires that with each contract an educational agency enters with a third-party contractor, that receives personally identifiable information (PII), must contain a signed bill of rights and supplemental information. In turn, each educational agency will have to publish, on its website, the signed parent’s bill of rights and supplemental information to the bill of rights for each software contract.

Important Documents:

  • Policy on Privacy and Security for Student/Teacher and Principal Data

  • Parents Bill of Rights

    • The purpose of the Parent’s Bill of Rights is to provide information to parents (which also includes legal guardians or persons in parental relation to a student, but generally not the parents of a student who is age eighteen or over) and eligible students about certain legal requirements that protect personally identifiable information pursuant to state and federal laws. 

  • Parent Complaint Form

  • District Inventory of Approved Software

    • We are compiling the information about each agreement between Tonawanda City School District and an outside party that receives protected student data, or protected principal or teacher data, from the district: (1) the exclusive purposes for which the data will be used, (2) how the contractor will ensure that any subcontractors it uses will abide by data protection and security requirements, (3) when the contract expires and what happens to the data at that time, (4) if and how an affected party can challenge the accuracy of the data, (5) where the data will be stored, and (6) the security protections taken to ensure the data will be protected, including whether the data will be encrypted. The link below will take you to that information for the listed agreements. We will be updating this list as we gather additional information. 



Sarah Infante
(716) 694-7210