At the NYS Department of Education meeting on January 13, 2020, the Board of Regents voted: "That the Regulations of the Commissioner of Education be amended to add a new Part 121, as submitted, effective January 29, 2020."
Other requirements are to appoint a Data Protection Officer, adopt the NIST Cybersecurity Framework, provide annual Cybersecurity Awareness Training, training on laws and regulations and district policies. Districts must also establish a process for handling data breach complaints, develop an incident response plan, ensure that third-party contractors that utilize personally identifiable information are compliant with the Regulations and post the Parents Bill of Rights for Data Privacy and Security on the district website.
The LHRIC is building services to support districts' compliance with the Regulations.
Use this link to read the full report from the NYSED Board of Education