As we’ve seen in recent weeks, cyber-security has become a serious issue. The shutdown of a gas pipeline by malicious actors resulted in rising gas prices and empty gas stations. Governments are aware of the importance of cyber-security and have put laws into place that will help strengthen security at institutions they control. One such law is section 2-D of the New York Education Law, which passed in early 2020.
What is the New York Education Law? Who all does it apply to? How to make sure your business is compliant with the law? Let’s find out.
Table of Contents
The New York Senate saw the rising threat of security breaches and made the decision to strengthen the security standards in place. To establish laws for the collection and handling of data regarding the personal information of students.
To provide security to both the students and their parents, section 2-D of the New York Education Law was drafted. The law establishes a series of guidelines and requirements that educational facilities and third-party contractors have to follow.
Various government agencies have regulations and standards in effect that are designed to protect data. NY Ed-Law 2D is aimed at protecting the privacy rights of individuals who have their data stored on school computers. This includes:
It’s important for security that data is protected during every step it takes through the educational system. For that reason, requirements are put into place both for the educational agencies themselves and for any third-party contractors that work with them and have access to any of the protected data. For the purposes of the law, the terms are defined as follows:
Any school district, board of cooperative educational services, school, or the education department. The law further defines a school as
Any person or agency that receives data about a student, parent, teacher, or principal at the school is a third-party contractor. It shall include any entity that receives this data for the purposes of providing services for the school.
There are five major provisions in the law that impose requirements on how data should be collected. What data is allowed to be collected, and the policies and procedures that must be in place regarding the collection, sharing, and handling of that data. They are outlined in a brief overview below:
Whether you’re a part of a school system or a third party working with an entity that is, you are required to meet certain requirements under this law. It’s important that you understand what your responsibilities are. Summaries inherently leave things out, and the law itself can be confusing.
If you need help ensuring that your organization remains compliant with NY Ed-Law 2D, contact WPG to see how we can help.
Haven’t heard of SASE before? You’re not alone. Standing for Secure Access Service Edge, SASE…
The presence of cyber risks could lead to a disruption in the operations of any…
IT teams require more effective approaches to monitor and control devices remotely as remote work…
Artificial Intelligence (AI) capabilities like machine learning, natural language processing and robotic process automation are…
From servers to smartphones, schools and businesses depend on scores of devices. Managing this technology…
Do you ever wonder how your school’s computers get software updates or performance fixes without…