Madalyn RomanoDr. Madalyn Romano
914) 922-3414


Privacy & Security logo

News & Reminders

  • DRAFT Policy Available

    We have received authorization from Tope Akinyemi, Chief Privacy Officer for NYSED to share the attached document with our districts.  The Draft Data Privacy and Security Policy is written from the perspective of NYSED's  policy to protect the data of students, teachers and administrators as outlined in Education Law 2-d, Part 121 Regulations.

     NYSED is still working on a sample policy that districts can use to develop their own policy but this is a start.

    Data Privacy and Security
  • Ed Law 2-d Part 121 Regulations - Adopted by the NYS Board of Regents

    At the NYS Department of Education meeting on January 13, 2020, the Board of Regents voted:  "That the Regulations of the Commissioner of Education be amended to add a new Part 121, as submitted, effective January 29, 2020." 

    The adoption of the Regulations will require school districts to have a Data Security and Privacy Policy approved by their local Board of Education and posted on the district website by July 1, 2020. 

    Other requirements are to appoint a Data Protection Officer, adopt the NIST Cybersecurity Framework, provide annual Cybersecurity Awareness Training, training on laws and regulations and district policies.  Districts must also establish a process for handling data breach complaints,  develop an incident response plan, ensure that third-party contractors that utilize personally identifiable information are compliant with the Regulations and post the Parents Bill of Rights for Data Privacy and Security on the district website.

    The LHRIC is building services to support districts' compliance with the Regulations.

    Use this link to read the full report from the NYSED Board of Education 

    Data Privacy and Security
  • NIST Cybersecurity Workgroup Beginning in December

    In preparation for the New York State Ed Law 2-d Requirements and in order to improve your district's IT security posture, the LHRIC is hosting two 10-session mentored Collegial Workgroups.  These sessions will help district's develop a set of security policies that follow the NIST Cybersecurity Framework.  One Collegial Workgroup will be held at the LHRIC's offices in Harrison beginning December 13 and running through June. 2020  The second group will be held on the campus of Putnam Northern Westchester BOCES beginning January 9th and running through June 2020.   Please use the links below for more information.  Registration is limited.  




    Please contact Dr. Madalyn Romano at  to register.

    Data Privacy and Security
  • Third Public Comment Period for Proposed Part 121 Public Comment Period

    The updated draft of Part 121 Regulations related to NYS Education Law 2-d is now available for public comment. Public comment will be open for a period of 45 days.  Once the comment period is complete, the NY State Education Department will review all comments and determine whether any changes are necessary to the proposed regulations.  Should it be determined that no substantial modifications are required to the draft regulations, they will proceed to the Board of Regents for adoption.  It is anticipated that the regulations will be presented to the Board of Regents in January 2020.  Should substantial modifications be required, an additional public feedback period may be required.  Any school district, individual, consortium, etc. who may have feedback pertaining to the newly published regulations is encouraged to submit a comment.

    The draft Part 121 Regulations can be found at:

    Comments on the draft regulations should be directed to:

    Data Privacy and Security
  • Education Law 2d and Part 121 Regulations - Update

    The revised Part 121 Regulations around Education Law 2d will be going to the Board of Regents for review this summer.  After the Board of Regents review, the revised regulations will be going out for a 45 day public comment period.  We do not yet know what the revisions are to the regulations but will post the information when it becomes avaialble.

    Data Privacy and Security
  • Education Law 2d Public Comment Period is now open.

    The Chief Privacy Officer for the New York State Department of Education presented the draft regulations for Education Law 2d to the Board of Regents on January 14, 2019.  This link leads to a downloadable file of the Proposed Part 121 Regulations for Protecting PII in Educational Agencies.  The 60-Day Public Comment Period is now open and can be accessed using the link as well.


    For more information on the impact of Proposed Part 121 Regulations, please contact Dr. Madalyn Romano at

    Data Privacy and Security
  • Version 2.1 of the Data Privacy Inventory Tool has been released.

    The districts spoke and the RIC One DPSS team listened. Enhancements and new features have been added to the Data Privacy Inventory Tool.  All district inventory information has been migrated to Version 2.1.  District's subscribing to the DPSS can use their current user name and password to login and utilize the new version.

    Data Privacy and Security
  • Fall Digital Digest

    The Fall Digital Digest is being distributed via email to all LHRIC DPSS subscribing districts.

    Data Privacy and Security
  • Data Privacy and Security Service (DPSS)

    The Data Privacy and Security Service (DPSS) formerly known as the Regional Data Privacy Office (RDPO) has been integrated with the RIC One initiative – 12 Regional Information Centers working together as one. The collaboration with other RICs provides more resources and enhances the offerings of the service. The Data Privacy and Security Service supports districts’ compliance with New York State’s Common Core Reform Act, Education Law 2-D and the Parents’ Bill of Rights, and provides resources to confront the increasing threats to district data and security. Specifically, the Data Privacy and Security Service focuses on three important questions related to district data:

    Where is your district data?
    Who is responsible for data in your district?
    Do those responsible for data know what to do and what not to do?

    Data Privacy and Security


View Monthly Calendar

Digital Digest & Blasts

Digital Digests - Quarterly newsletters on the topic of data privacy and security with current information, effective strategies, best practices, and leadership resources.

Digital Blasts – Timely information as it occurs to keep districts informed of the latest developments in the field.

Tools & Resources icon

Digital Debrief

D3—Digital Digest Debrief – Deep dive webinar on a featured topic from the Digital Digest.

Periodic webinars and interviews with industry leaders on topics related to data privacy and security. 



Interview with Linnette Attai, Founder of Playwell LLC.


Software Inventory Tool

This tool enables districts to compile a list of their software inventory as well as links to third-party vendor’s software Privacy Policies and Notices thus enabling districts to comply with provisions of the New York State’s Parents’ Bill of Rights. Over 800 products are currently included in the database, and districts may submit requests for additional products.

Districts still retain responsibility to review vendor contracts. 

Professional Development

Web-based data privacy and security awareness training that follows a structured outline, including a formal assessment and printable certificate of completion.

Additional materials for instructor-led professional development are also available.