8635 - Information Security Breach and Notification


Adoption Date: 5/12/2016, Revised 6/11/2020
8000 - Support Services

8635  Information Security Breach and Notification 

Breach of Private Information under Technology Law §208
The District is required by State Technology Law to notify affected individuals and state agencies when there has been (or is reasonably believed to have been) a security breach in the District’s computer system which compromises the individuals’ private information.

 “Private information” is defined in State Technology Law §208, and includes certain types of information, which would put an individual at risk for identity theft or permit access to private accounts. “Private information” does not include information that can lawfully be made available to the general public pursuant to federal or state law or regulation.

Any breach of the District’s information storage or computerized data which compromises the security, confidentiality, or integrity of “private information” maintained by the District must be promptly reported to the Superintendent and the Board of Education.

The Board directs the Superintendent of Schools or his/her designee, in accordance with appropriate business and technology personnel, to establish regulations which:

·       identify and or define the types of private information that is to be kept secure;

·       include procedures to identify any breaches of security that result in the release of private information; and

·       include procedures to notify persons affected by the security breach and state and local agencies as required by law.

Employee “Personal Identifying Information” under Labor Law §203-d

Pursuant to Labor Law §203-d, the District will not communicate employee “personal identifying information” to the general public. This includes:

1.  social security number
2.  home address or telephone number
3.  personal email address
4.  internet identification name or password
5.  parent’s surname prior to marriage, and;
6.  driver’s license number.

In addition, the District will protect employee social security numbers in that such numbers will not be:

1.  publically posted or displayed;
2.  visibly printed on any ID badge, card or timecard;
3.  placed in files with unrestricted access; or
4.  used for occupational licensing purposes.

1120 – School District Records
5500 – Student Records
8630 – Records Management

Policy References:
State Technology Law §§201-208
Labor Law §203-d 
Education Law §2-d
8 NYCRR Part 121