Ed law 2-d and other information
This page is dedicated to walking parents through not only Ed law 2-d, but also other laws protecting children as well as how to report a suspected data breach.


Ed Law 2-d and part 121

What is Ed law 2-d?

A law enacted in 2014 that focuses on the protection and handling of Personally Identifiable Information (PII).

What is Student PII?

PII includes, but is not limited to:
1. The student’s name;
2. The name of the student’s parent or other family members;
3. The address of the student or student’s family;
4. A personal identifier, such as the student’s social security number, student number, or biometric record;
5. Other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name;
6. Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
7. Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.

34 CFR § 99.3. We also recommend protection of the additional element identified in the implementing regulations of the Individuals with Disabilities Education Act (IDEA), 20 U.S.C. § 1400 et seq., as PII, with regard to IDEA eligible students, that is: a list of personal characteristics or other information that would make it possible to identify the child with reasonable certainty. 34 CFR § 300.32.
The confidentiality and privacy provisions do not apply to de-identified data (e.g., data regarding students that uses random identifiers), aggregated data (e.g., data reported at the school district level) or anonymized data that could not be used to identify a particular student.

Does this protect data other than students' data?

The protections in the statute also extend to teacher data or principal data, defined as PII from the records of an educational agency relating to the annual professional performance reviews of classroom teachers or principals that is confidential and not subject to release under the provisions of Education Law §§ 3012-c and 3012-d.

What is Ed law 2-d part 121?

These rules will implement Education Law Section 2-d and provide guidance to educational agencies and their third-party contractors on ways to strengthen data privacy and security to protect student data and annual professional performance review data.

Can I use software that is not Ed law 2-d compliant?

Under one circumstance: if the app or software collects no PII, you can use it. This means you can use apps that students don't log in to, or apps that utilize random usernames and passwords and do not retain data on students. In the vast majority of cases, non-compliant sites, apps, and software will include a notice on their legal page that states the site/app/software is not for use by students under 13. This is a pretty good sign they're collecting data from students, and you should not use the service.

Key data privacy software policies:

Data privacy agreements

HMH (includes Read180, System44, Ed Your Friend in Learning, etc.)

McGraw Hill

PowerSchool

Canvas

Clever

ClassLink

Google

For a complete accounting of our vendors and their status regarding signing our data privacy documentation (which includes the parents' bill of rights, data privacy and security policy, and data privacy and security addendum), please check our tracker here. Please note that not all listed vendors collect student data; those that do not collect it do not need to complete these agreements.


Other Laws Protecting Children

Family Educational Rights and Privacy Act (FERPA) - The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.

Protection of Pupil Rights Amendment (PPRA) - The Protection of Pupil Rights Amendment (PPRA) is a federal law that affords certain rights to parents of minor students with regard to surveys that ask questions of a personal nature. Briefly, the law requires that schools obtain written consent from parents before minor students are required to participate in any U.S. Department of Education funded survey, analysis, or evaluation that reveals information concerning the following areas:

- Political affiliations;
- Mental and psychological problems potentially embarrassing to the student and his/her family;
- Sex behavior and attitudes;
- Illegal, anti-social, self-incriminating and demeaning behavior;
- Critical appraisals of other individuals with whom respondents have close family relationships;
- Legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers;
- Religious practices, affiliations, or beliefs of the student or student's parent*; or
- Income (other than that required by law to determine eligibility for participation in a program or for receiving financial assistance under such program).

Children's Online Privacy Protection Act (COPPA) - COPPA imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.


Reporting an Improper Data Disclosure

In the event that you believe data has been released improperly, please complete this form and we will investigate.