Skip to main content
  1. Families & Community
  2. Data Privacy

Data Privacy

Data Privacy & Security Information

At Madison-Oneida BOCES (MOBOCES), we strive to provide the highest quality education to your child. In doing so, we collect and utilize data in a variety of ways to provide learning resources, measure student progress, tailor learning strategies, make operational decisions, and meet state and federal reporting requirements, just to name a few.

This data, when collected and utilized appropriately by our skilled team of educators, can be a powerful tool to enhance your child’s educational experience. Knowing the level of impact this information can have, our BOCES puts a heavy focus on its protection and your child’s privacy. We have made significant investments in both time and resources to implement a quality, modern cybersecurity program, leveraging the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

We have provided this page to give parents and members of our school community greater insight into how we utilize student information, make you aware of your rights, and hopefully simplify a complex space. Our Data Protection Officer is always available to help with any questions you may have.

You may also view our district’s Data Security and Privacy Policy HERE for more details.

  • A photo a lady smiling wear a formal attire

    Data Protection Officer
    Lisa Decker
    315-361-5520
    ldecker@moboces.org


    Our district’s data protection officer is responsible for the overall implementation of our data privacy and security program and communication with our district community with any necessary information in this space. One of our main objectives at Madison-Oneida BOCES is to ensure the safety and security of our students’ personal information.

  • Parents’ rights with regard to the disclosure and utilization of their child’s information are identified primarily in the following statutes:

    MOBOCES is required to annually notify parents of their rights under FERPA; that information can be found in our FERPA Notification Policy HERE. Under FERPA, MOBOCES may identify certain data elements as Directory Information, which may be disclosed without obtaining prior parental consent. Parents are provided with the opportunity to opt out of certain Directory Information disclosures by filling out the form HERE. The data identified as Directory Information by our BOCES is:

    • student’s name
    • address
    • telephone number
    • email address
    • date and place of birth
    • name of the student’s parents
    • student’s home school district
    • student’s class designation
    • participation in extracurricular activities
    • dates of attendance
    • student’s achievement awards and honors
    • most recent previous educational agency attended by the student
    • photographs
    • audio recordings
    • video images of students (with or without sound) engaged in routine activities

     

    Additional FERPA Form Links: Inspection of Student RecordsCorrection of Student Records

    The MOBOCES Education Records Policy can be found HERE.

    NYS Ed Law 2-d requires educational agencies to adopt and share with parents their rights under the law, otherwise known as the Parents’ Bill of Rights, which can be viewed HERE.

  • In the event of an incident involving the unauthorized disclosure of student Personally Identifiable Information (PII), the BOCES is required to notify the New York State Education Department’s Chief Privacy Officer within 10 days and affected parents, eligible students, and/or teachers within 60 days.

    Should the BOCES become aware of the unauthorized disclosure of student information affecting your child, you can expect to receive notification from MOBOCES containing the following information:

    • A description of the unauthorized release
    • Dates of the incident
    • Date of discovery of the incident
    • Description of the types of PII affected
    • Description of the agency’s investigation
    • Contact information for further assistance

    Parents, eligible students (students who are at least 18 years of age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data. Complaints may be made directly to our Data Protection Officer by utilizing the form found HERE.

    All complaints of this nature are taken seriously by our BOCES and will be investigated as immediately and thoroughly as possible.

    Individuals may always wish to file a complaint directly with the New York State Education Department’s Chief Privacy Officer and can do so HERE.

  • Third-party contractors who receive student information must abide by certain identified measures to support the protection of student privacy. MOBOCES posts an inventory of our contractors that collect/process student information along with Supplemental Information for each of these contracts. Supplemental Information can be viewed HERE and includes the following information:

    • Exclusive purpose for data use
    •  Subcontractor management processes
    •  Contract duration
    •  Data destruction practices
    • Data accuracy challenge procedures
    • Data storage/processing locations
    • Security protections in place
    • Encryption practices 

     

     

    Please note, that where a contractor or information system is listed in our inventory and no supplemental information is displayed, MOBOCES is in the process of pursuing the necessary contract language with that entity.

  • In addition to FERPA and NYS Ed Law 2-d, the following statutes also govern our activities with regard to student and other sensitive information protection:

    • Protection of Pupil Rights Amendment (PPRA) - PPRA defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used. Our PPRA opt-out letter can be found HERE.
    • Children's Online Privacy Protection Rule (COPPA) – COPPA imposes certain requirements on operators of websites, games, mobile apps, or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
    • Office of Information Technology Services (NYS Technology Law) – NYS Technology Law establishes the Office of Information Technology Services to strategically manage the planning and development of technological resources in conjunction with state and local government agencies. NYS Technology Law also includes specific provisions for the use of biometric identifying technology in schools pending additional research by the NYS Education Department.