Data Privacy and Security

In accordance with the requirements of Section 2-d of the New York Education Law, Orange-Ulster BOCES (the “OU BOCES”) provides the following Parents’ Bill of Rights with respect to maintaining the privacy and security of student data:

1. A student's personally identifiable information cannot be sold or released for any commercial purposes;
2. Parents have the right to inspect and review the complete contents of their child's education record;
3. State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred. Towards this end, OU BOCES has implemented the following safeguards to protect personally identifiable information about students, which is stored or transferred by OU BOCES, against unauthorized disclosure.

• All databases that have student information are protected by a secure password and login. Logins are monitored, and passwords are kept up-to-date.
• All databases that have student information are protected by a secure firewall, and intrusion detection. All data bases that contain student information are encrypted with 256 bit secure socket layer protection.

4. Parents may access a complete list of all student data elements collected by NYSED at http://www.p12.nysed.gov/irs/sirs/documentation/NYSEDstudentData.xlsx, or may obtain a copy of this list by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, NY 12234.

5. Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed to: Director of Technology, 4 Harriman Drive, Goshen, NY 10924 (845)781-4358; support@ouboces.org.

PLEASE NOTE: Accordingly, this Parents’ Bill of Rights is subject to revision and/or supplementation as needed to comply with OU BOCES’ obligations under the law.

Additional information is available on the New York State Education Department’s website at: https://www.nysed.gov/data-privacy-security/bill-rights-data-privacy-and-security-parents-bill-rights

Download the Parents' Bill of Rights for Data Privacy and Security

September 2023

 Dear Parents and Guardians:

 This is to advise you of your rights with respect to your child's school records pursuant to the Federal Law known as the "Family Education Rights and Privacy Act of 1974." Under the provisions of this law, parents of a student under 18 ( or a student who is 18 years of age or older) have a right to inspect and review any and all official records, files and data directly related to their child ( or themselves) including all material that is incorporated into the student's cumulative record folder and intended for school use or to be available to parties outside the school or school system, and specifically including, but not necessarily limited to: identifying data, academic work completed, level of achievement scores on standardized, intelligence, aptitude and psychological tests, interest inventory results, health data, family background information, teacher or counselor ratings and observation and verified reports of serious or recurrent behavior patterns.

Parents and students are also entitled to an opportunity for a hearing to challenge the content of such records, to ensure that they are not inaccurate, misleading or otherwise in violation of the privacy or other rights of students, and to provide an opportunity for the correction or deletion of any such inaccurate, misleading or otherwise inappropriate data contained therein. Any questions concerning the procedure to be followed in requesting such a hearing should be directed to James Higgins, Director of Special Education, Orange-­Ulster BOCES, 53 Gibson Road, Goshen, New York 10924.

 Student records and any material contained therein which is personally identifiable, with the exception of "directory information," (see the enclosed Parent Notification Regarding the Release of Information) are confidential and may not be released or made available to persons other than parents or students without the written consent of such parents or students (if over age 18). There are a number of exceptions to this rule such as: Court Orders, other school employees, other schools that have requested records for any student who is enrolled or seeks, intends, or is instructed to enroll in the school, certain State and Federal officials, etc. who have a legitimate educational need to access such records in the course of their employment or normal duties and responsibilities. 

The following procedures shall be applicable for making student records available to parents of students under eighteen years of age or to a student eighteen years of age or older: 

1. All student records shall be available only during regular office hours from the office of the appropriate Program Director -within BOCES.
2. Such records shall be attainable only from those administrators and other personnel designated by the District Superintendent of Schools through a written request specifically outlining the material to be reviewed.
3. Any document included in the student record folder may be examined -within the said offices of the BOCES and may not be removed there from, provided such records are not then in use or needed by the office personnel in the discharge of their regular office duties.
4. Documents may be copied by photocopier or other mechanical devices at a cost of 25¢ per face of each document.
5. Parents who -wish to challenge the content of their child's school records shall identify in writing the record or records, which they believe to be inaccurate, misleading or otherwise in violation of the privacy or other rights of the student, together -with a statement of the reasons for their challenge to the record. This written challenge shall be submitted to the Program Director for a reply.
6. The Director shall provide a written response to a parental challenge -within fifteen(15)   working days of receipt of that challenge.
7. If a parent requests a hearing following the written response of the Director, it shall be granted -within thirty (30) working days by the District Superintendent or his designee. Upon completion of the hearing, a written decision shall be rendered -within ten (10) working days by the official before whom the hearing was held. A copy of the decision -will be mailed to the person(s) requesting the hearing and one copy -will be affixed to the records of the student in question.

View/Download the FERPA Notice

Dear Parent or Guardian: 

The Family Educational Rights and Privacy Act (FERPA), a Federal law, requires that Orange-Ulster BOCES, with certain exceptions, obtain your written consent prior to the disclosure of personally identifiable information from your child's education records. However, Orange-Ulster BOCES may disclose appropriately designated "directory information" without written consent, unless you have advised Orange-Ulster BOCES to the contrary. The primary purpose of directory information is to allow the Orange-Ulster BOCES to include information from your child's education records in certain school publications. 
Directory information, which is information that is generally not considered harmful or an invasion of privacy if released, can also be disclosed to outside organizations without a parent's prior written consent. Outside organizations include, but are not limited to, companies that manufacture class rings or publish yearbooks. In addition, two federal laws require local educational agencies (LEAs) receiving assistance under the Elementary and Secondary Education Act of 1965, as amended (ESEA) to provide military recruiters, upon request, with the following information - names, addresses and telephone listings - unless parents have advised the LEA that they do no want their student's information disclosed without their prior written consent. [Note: These laws are Section 9528 of the ESEA (20 U.S.C. § 7908) and 10 U.S.C. § 503(c).] 
If you do not want Orange-Ulster BOCES to disclose any or all of the types of information designated below as directory information from your child's education records without your prior written consent, you must notify the Orange-Ulster BOCES in writing by September 15, 2023. Orange-Ulster BOCES has designated the following information as directory information: 

• Student's name
• Student's address
• Student's telephone listing
• Date and place of birth
• Grade level
•  Participation in officially recognized sports and activities
• Weight and height (for members of athletic teams)
• Dates of attendance
• Honors, degrees and awards received
• Email address
• Name of educational institution previously attended
• Student ID number, user ID or other unique personal identifier used to communicate in electronic systems but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a PIN, password or other factor known or possessed only by the authorized user.

View/download the Parental Notification Regarding the Release of Information