Parents’ Bill of Rights for Data Privacy and Security

The Hornell City Central School District is committed to protecting the privacy and security of students, teachers and administrator data. In accordance with Education Law 2-d and Board Policy 7240, the District hereby establishes the following Parent’s Bill of Rights with regard to student data:

  1. A student’s personally identifiable information will not be sold or released for any commercial purposes.
  2. Parents have the right to inspect and review the complete contents of their child’s educational record. Procedures for reviewing student records can be found in BOE
    Policy 7240.
  3. Security protocols regarding confidentiality of personally identifiable information are currently in place, and these safeguards adhere to industry standards and best practices. These safeguards include, but are not limited to, data encryption, firewalls, and password protection.
  4. New York State maintains a complete list of all student data collected by the state and that list is available for public review at the NYSED spreadsheet or by writing to the Office of Information and Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, New York 12234.
  5. Parents have the right to file complaints about possible breaches of student data. Such complaints should be addressed in writing to Superintendent Jeremy Palotti, 120 Raider Road, Hornell, NY 14843, 607-324-1302, or

This Bill of Rights will be included with every contract entered into by the District with an outsider contractor if the contractor will receive student, teacher, or administrator data. This Bill of Rights will be supplemented to include information about each contract the District enters into with an outside contractor receiving confidential student, teacher, or administrator data, including the exclusive purpose(s) for which the data will be used, how the contractor will ensure confidentiality and data protection and security requirements, the date of expiration of the contract and what happens to the data upon the expiration of the contract, if and how the accuracy of the data collected can be challenged, where the data will be stored and the security protections that will be taken.