Data Privacy and Security Services Support

Supporting District Response to Data Privacy

The RIC One Data Privacy and Security Service is a statewide initiative.  All twelve RICs are working together to provide districts with resources in support of Ed Law 2d Part 121 Regulations.  The LHRIC is here to support your needs.  We will continue to keep you up to date with information regarding NYSED deadlines and help your newly appointed Data Protection Officer fulfill the districts requirements.

Keep in mind, the need to protect not only the health of your students and staff but their data as well.  Be wary of "free" software offers.  Be sure to utilize Ed Law 2-d compliant tools for remote learning and video conferencing.  Not sure if software is compliant with Ed Law 2-d? Use this link for the list of LHRIC supported Ed Law 2-d compliant software.

Any questions... feel free to reach out to Dr. Madalyn Romano at

Data Protection Officer Resources

RIC One DPSS Website

LHRIC/SWBOCES Supplemental Contract Information

Response to Malware - First 48 Hours.pdf  

DPO Responsibilities SLIDE DECK.pdf  

DPO Workbook.pdf 

Ed Law 2-d Part 121 Regulations:  Data Security and Privacy Policy Overview

NYSED Draft Policy - Highlighted Document



The supplemental information for LHRIC/SWBOCES contracted software is available using the link above.  A variety of contracting consortiums and buying channels are used to ensure Ed Law 2-d Part 121 Regulation compliance.  If you have any questions about the laws and regulation contact Dr. Madalyn Romano (  For questions regarding software through Student / Financial Services, contact Jay Dave (  For Instructional Software contracts, contact Mary Lynn Collins-Callanan (


What to do in the first 48 hours of a Cyber attack can make a big difference in the impact of the attack.  The link below will provide districts with steps to follow in the event of a Cyber attack on your systems.  

 Threat Landscape.pdf 

Additional Resources - Dealing with COVID-19

Online Conferencing Guidance

In the wake of the COVID-19 crisis, school districts have leveraged online conferencing platforms to stay connected.  Officials are raising concerns about security due to several reports of uninvited visitors crashing meetings. While educators continue the transition to digital learning, this site is a live document designed to assist school districts with best practices for providing secure online conferencing.

FERPA iconFERPA and Virtual Learning

COSN logo Video Conferencing Tools in the Age of Remote Learning:  Privacy Considerations for New Technologies

DPO Mentoring Service

CoSer 611

Working side by side with district data privacy teams, the LHRIC will provide mentoring and guidance to help districts develop internal capacity to meet the requirements of Ed Law 2-d and the Regulations.

Participation in RIC One DPSS is required.

DPO Support Service

CoSer 611 

The goal is to provide assistance with the requirements of Ed Law 2-d and the Regulations based on district needs. A school district administrator retains the official title and authority of the DPO with the LHRIC performing routine functions and support.

Participation in RIC One DPSS is required. Availability is limited.

Digital Digest & Blasts

Digital Digests - Quarterly newsletters on the topic of data privacy and security with current information, effective strategies, best practices, and leadership resources.

Digital Blasts – Timely information as it occurs to keep districts informed of the latest developments in the field.

Tools & Resources icon

Digital Debrief

D3—Digital Digest Debrief – Deep dive webinar on a featured topic from the Digital Digest.

Periodic webinars and interviews with industry leaders on topics related to data privacy and security. 



Interview with Linnette Attai, Founder of Playwell LLC.


Software Inventory Tool

This tool enables districts to compile a list of their software inventory as well as links to third-party vendor’s software Privacy Policies and Notices thus enabling districts to comply with provisions of the New York State’s Parents’ Bill of Rights. Over 800 products are currently included in the database, and districts may submit requests for additional products.

Districts still retain responsibility to review vendor contracts. 

Professional Development

Web-based data privacy and security awareness training that follows a structured outline, including a formal assessment and printable certificate of completion.

Additional materials for instructor-led professional development are also available.