Data Protection Officer: Mr. Christopher Forget (631) 583-5626
To report a possible data breach, please call (631) 583-5626 or complete and submit the form at the following link: Click Here
(Sent home in September’s “Woodhull Flyer”)
The Family Educational Rights and Privacy Act or FERPA (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records and applies to all schools that receive funds under an applicable program of the U.S. Department of Education. The law gives parents certain rights which transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students." Among these rights are that:
Schools may disclose, without prior consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance, unless objection is submitted in writing by parents or legal guardians, or by those students themselves who are 18 years of age and older, to the Superintendent of Schools, Travis Davey, by September 15th of the current school year. Failure to make such a request shall be deemed consent to release, provide, or publish the directory information during the school year.
Fire Island School District herewith gives notice of intention to provide, release or publish in the Fire Island School District newsletter, website, social media accounts, school or student newspapers, magazines, yearbooks or other publications, daily or weekly newspapers, athletic programs, musical or theatrical programs and news releases, video any and/or all of the following information pertaining to students as may be appropriate under the circumstances:
The Fire Island Union Free School District is committed to protecting the privacy and security of student data and teacher and principal data. In accordance with New York Education Law Section 2-d and its implementing regulations, the District informs the school community of the following:
Supplemental Information Regarding Third-Party Contractors
In the course of complying with its obligations under the law and providing educational services to District residents, the Fire Island Union Free School District has entered into agreements with certain third-party contractors. Pursuant to these agreements, third-party contractors may have access to "student data" and/or "teacher or principal data," as those terms are defined by law and regulation.
For each contract or other written agreement that the District enters into with a third-party contractor where the third-party contractor receives student data or teacher or principal data from the District, the following supplemental information will be included with this Bill of Rights:
Below are the 3rd parties which currently handle any Fire Island student or staff PII, along with the Ed Law 2d Riders supplementing their current privacy policies:
This policy addresses Fire Island Union Free School District’s (FISD) responsibility to adopt appropriate administrative, technical and physical safeguards and controls to protect and maintain the confidentiality, integrity and availability of its data, data systems and information technology resources.
II. Policy Statement
It is the responsibility of FISD:
FISD will utilize the National Institute of Standards and Technology’s Cybersecurity Framework v1.1 (NIST CSF or Framework) as the standard for its Data Privacy and Security Program.
The policy applies to FISD employees, interns, volunteers, and consultants, and third-parties who receive or have access to FISD’s data and/or data systems (“Users”).
This policy encompasses all systems, automated and manual, including systems managed or hosted by third parties on behalf of FISD and it addresses all information, regardless of the form or format, which is created or used in support of the activities of FISD.
This policy shall be published on the FISD website and notice of its existence shall be provided to all Users.
The district superintendent is responsible for the compliance of the programs and offices with this policy, related policies, and their applicable standards, guidelines and procedures. Instances of non-compliance will be addressed on a case-by-case basis. All cases will be documented, and program offices will be directed to adopt corrective practices, as applicable.
FISD’s Data Privacy Officer (DPO) shall regularly report to the Superintendent on data privacy and security activities, the number and disposition of reported breaches, if any, and a summary of any complaints submitted pursuant to Education Law §2-d.
VII. Data Privacy
VIII. Incident Response and Notification
The District will respond to data privacy and security incidents in accordance with its Incident Response Guidelines. The incident response process will determine if there is a breach. All breaches must be reported to the DPO. For purposes of this policy, a breach means the unauthorized acquisition, access, use, or disclosure of student, teacher or principal PII as defined by Education law §2-d, or any SED sensitive or confidential data or a data system that stores that data, by or to a person not authorized to acquire, access, use, or receive the data.
FISD will comply with legal requirements that pertain to the notification of individuals affected by a breach or unauthorized disclosure of personally identifiable information.
IX. Acceptable Use Policy, User Account Password Policy
FISD Users must annually complete FISD’s information privacy and security training.