RIC One DATA PRIVACY & SECURITY
For questions related to the RIC One API integrations, please use the Service Now portal for submission of issues.
The RIC One API team will be working with the Student Services team to resolve issues related to RIC One API Integrations.
Please use this link to submit a request: https://lhric.service-now.com/ess/main.do
Data Privacy and Security Services During the COVID-19 Pandemic
Supporting District Response to Data Privacy During the COVID-19 Pandemic
Last Updated 3/27/20
The RIC One Data Privacy and Security Service is a statewide initiative. The LHRIC is available to assist you during the COVID-19 Outbreak. We will continue to support district needs and questions regarding data privacy and security.
Please be aware that malicious actors are taking advantage of the increased concern around the Corona Virus / COVID-19. A few examples are below:
- A malicious coronavirus tracking Android App now known as “CovidLock” is pretending to warn users about people infected nearby only to install Ransomware on their device that demands $100 worth of Bitcoin ransom to be paid within 48 hours.
Cybercriminals are using “Coronavirus Maps” to steal credentials, including “user names, passwords, credit card numbers, and other sensitive information.” The malware hidden in the map, AZORult, gains unlimited access to data once deployed on a machine. However this map scam seems to target user credentials.
- A new opportunistic phishing campaign was discovered by a security firm that is taking advantage of fears and concerns over the coronavirus. The phishing email includes a malicious link or pdf file that claims to contain information on how you can protect yourself from the coronavirus.
Also, be wary of software companies that are offering "free" subscriptions to software to facilitate online learning. Unless, you have properly reviewed the privacy policies of these vendors, determined they are compliant with Ed Law 2-d / Part 121 Regulations and have a signed agreement, supplemental information and a district specific signed Parents' Bill of Rights, you cannot utilized them. We are working to protect the health of our students, teachers and administrators, let's not lose sight of protecting their data as well.
Any questions... feel free to reach out to Dr. Madalyn Romano at firstname.lastname@example.org. I will be monitoring email and will respond as quickly as possible to any questions or concerns.
Enhancements to the RIC One Data Privacy and Security Service
Beginning with the 2020 School Year, the LHRIC will be offering additional levels of support for district compliance with Ed Law 2-d and Part 121 Regulations.
Working side by side with district data privacy teams, the LHRIC will provide mentoring and guidance to help districts develop internal capacity to meet the requirements of Ed Law 2-d and the Regulations.
Participation in RIC One DPSS is required.
The goal is to provide assistance with the requirements of Ed Law 2-d and the Regulations based on district needs. A school district administrator retains the official title and authority of the DPO with the LHRIC performing routine functions and support.
Participation in RIC One DPSS is required. Availability is limited.
RIC One API
Data Privacy Resources
What to do in the first 48 hours of a Cyber attack can make a big difference in the impact of the attack. The link below will provide districts with contact information and steps to follow in the event of a Cyber attack on your systems.
On October 18, 2019 the LHRIC's RIC One Data Privacy and Security Team held an update on the Part 121 Regulations for Ed Law 2-d and an information session on Cybersecurity from Core BTS. Resource documents from the session can be found using the links below.
RIC One DPSS
The RIC One DPSS Website has been modified to include resources and tools to help districts begin their work on the requirements for compliance with Part 121 Regulations of Ed Law 2-d. Use this link to access the RIC One DPSS and resources.RIC One DPSS
Maintaining the security and privacy of student data is what sets RIC One apart from all other similar services. Districts retain control of their data while in the custody of their RIC.
Digital Digest & Blasts
D3—Digital Digest Debrief – Deep dive webinar on a featured topic from the Digital Digest.
Periodic webinars and interviews with industry leaders on topics related to data privacy and security.
Software Inventory Tool
This tool enables districts to compile a list of their software inventory as well as links to third-party vendor’s software Privacy Policies and Notices thus enabling districts to comply with provisions of the New York State’s Parents’ Bill of Rights. Over 800 products are currently included in the database, and districts may submit requests for additional products.
Districts still retain responsibility to review vendor contracts.
Web-based data privacy and security awareness training that follows a structured outline, including a formal assessment and printable certificate of completion.
Additional materials for instructor-led professional development are also available.