S04284 Summary:

BILL NO    S04284 

SAME AS    No same as 

SPONSOR    GRISANTI

COSPNSR    ADDABBO, AVELLA, BOYLE, ESPAILLAT, GALLIVAN, GIPSON, GOLDEN, GRIFFO,
           HOYLMAN, KENNEDY, KRUEGER, LANZA, LATIMER, LITTLE, MARTINS, MAZIARZ,
           MONTGOMERY, O'MARA, PARKER, RITCHIE, SAVINO, SQUADRON, TKACZYK,
           VALESKY, ZELDIN

MLTSPNSR   

Add S3212-b, Ed L

Prohibits the release of personally identifiable student information where
parental consent is not provided.
Go to top

S04284 Actions:

BILL NO    S04284 

03/19/2013 REFERRED TO EDUCATION
01/08/2014 REFERRED TO EDUCATION
Go to top

S04284 Text:

                           S T A T E   O F   N E W   Y O R K
       ________________________________________________________________________

                                         4284

                              2013-2014 Regular Sessions

                                   I N  S E N A T E

                                    March 19, 2013
                                      ___________

       Introduced  by Sen. GRISANTI -- read twice and ordered printed, and when
         printed to be committed to the Committee on Education

       AN ACT to amend the  education  law,  in  relation  to  the  release  of
         personally identifiable student information

         THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
       BLY, DO ENACT AS FOLLOWS:

    1    Section 1. The education law is amended by adding a new section 3212-b
    2  to read as follows:
    3    S 3212-B. RELEASE OF PERSONALLY IDENTIFIABLE STUDENT  INFORMATION.  1.
    4  DEFINITIONS. AS USED IN THIS SECTION:
    5    (A)  "DIRECTORY  INFORMATION"  SHALL  MEAN, BUT NOT BE LIMITED TO, THE
    6  STUDENT'S NAME; ADDRESS; TELEPHONE  LISTING;  ELECTRONIC  MAIL  ADDRESS;
    7  PHOTOGRAPH;  DATE AND PLACE OF BIRTH; MAJOR FIELD OF STUDY; GRADE LEVEL;
    8  ENROLLMENT STATUS (UNDERGRADUATE OR GRADUATE, FULL-TIME  OR  PART-TIME);
    9  DATES  OF  ATTENDANCE; PARTICIPATION IN OFFICIALLY RECOGNIZED ACTIVITIES
   10  AND SPORTS; WEIGHT AND HEIGHT OF MEMBERS  OF  ATHLETIC  TEAMS;  DEGREES,
   11  HONORS,  AND  AWARDS  RECEIVED;  THE  MOST  RECENT EDUCATIONAL AGENCY OR
   12  INSTITUTION ATTENDED; STUDENT  ID  NUMBER,  USER  ID,  OR  OTHER  UNIQUE
   13  PERSONAL  IDENTIFIER  USED  BY  A  STUDENT  FOR PURPOSES OF ACCESSING OR
   14  COMMUNICATING IN ELECTRONIC SYSTEMS, BUT ONLY IF THE  IDENTIFIER  CANNOT
   15  BE USED TO GAIN ACCESS TO EDUCATION RECORDS EXCEPT WHEN USED IN CONJUNC-
   16  TION  WITH  ONE  OR  MORE FACTORS THAT AUTHENTICATE THE USER'S IDENTITY,
   17  SUCH AS A PERSONAL IDENTIFICATION NUMBER (PIN), PASSWORD OR OTHER FACTOR
   18  KNOWN OR POSSESSED ONLY BY THE AUTHORIZED USER; AND A STUDENT ID  NUMBER
   19  OR  OTHER  UNIQUE  PERSONAL IDENTIFIER THAT IS DISPLAYED ON A STUDENT ID
   20  BADGE, BUT ONLY IF THE IDENTIFIER CANNOT  BE  USED  TO  GAIN  ACCESS  TO
   21  EDUCATION  RECORDS  EXCEPT  WHEN  USED  IN  CONJUNCTION WITH ONE OR MORE
   22  FACTORS THAT AUTHENTICATE THE USER'S IDENTITY, SUCH AS A PIN,  PASSWORD,
   23  OR OTHER FACTOR KNOWN OR POSSESSED ONLY BY THE AUTHORIZED USER.
   24    (B)  "PERSONALLY IDENTIFIABLE STUDENT INFORMATION" SHALL MEAN, BUT NOT
   25  LIMITED TO, THE STUDENT'S NAME; THE NAME  OF  THE  STUDENT'S  PARENT  OR

        EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                             [ ] is old law to be omitted.
                                                                  LBD09672-03-3
       S. 4284                             2

    1  OTHER  FAMILY MEMBERS; THE ADDRESS OF THE STUDENT OR STUDENT'S FAMILY; A
    2  PERSONAL IDENTIFIER, SUCH  AS  THE  STUDENT'S  SOCIAL  SECURITY  NUMBER,
    3  STUDENT NUMBER, OR BIOMETRIC RECORD; OTHER INDIRECT IDENTIFIERS, SUCH AS
    4  THE  STUDENT'S  DATE OF BIRTH, PLACE OF BIRTH, AND MOTHER'S MAIDEN NAME;
    5  OTHER INFORMATION THAT, ALONE OR IN COMBINATION, IS LINKED OR LIKABLE TO
    6  A SPECIFIC STUDENT THAT WOULD ALLOW A REASONABLE PERSON  IN  THE  SCHOOL
    7  COMMUNITY,  WHO DOES NOT HAVE PERSONAL KNOWLEDGE OF THE RELEVANT CIRCUM-
    8  STANCES, TO IDENTIFY THE STUDENT WITH REASONABLE CERTAINTY; OR  INFORMA-
    9  TION  REQUESTED  BY  A  PERSON WHO THE EDUCATIONAL AGENCY OR INSTITUTION
   10  REASONABLY BELIEVES KNOWS THE IDENTITY OF THE STUDENT TO WHOM THE EDUCA-
   11  TION RECORD RELATES.
   12    (C) "BIOMETRIC RECORD", AS USED IN THE DEFINITION OF "PERSONALLY IDEN-
   13  TIFIABLY STUDENT INFORMATION", SHALL MEAN A RECORD OF ONE OR MORE  MEAS-
   14  URABLE  BIOLOGICAL  OR  BEHAVIORAL  CHARACTERISTICS THAT CAN BE USED FOR
   15  AUTOMATED RECOGNITION OF AN INDIVIDUAL, INCLUDING  FINGERPRINTS,  RETINA
   16  AND  IRIS  PATTERNS,  VOICEPRINTS, DNA SEQUENCE, FACIAL CHARACTERISTICS,
   17  AND HANDWRITING.
   18    (D) "STUDENT" SHALL MEAN ANY PERSON WITH RESPECT  TO  WHOM  AN  EDUCA-
   19  TIONAL  AGENCY  OR INSTITUTION MAINTAINS EDUCATION RECORDS OR PERSONALLY
   20  IDENTIFIABLE INFORMATION, BUT DOES NOT INCLUDE A PERSON WHO HAS NOT BEEN
   21  IN ATTENDANCE AT SUCH AGENCY OR INSTITUTION.
   22    (E) "SCHOOL" SHALL MEAN ANY PUBLIC OR PRIVATE ELEMENTARY OR  SECONDARY
   23  SCHOOL OR COLLEGE AS DEFINED IN SECTION TWO OF THIS CHAPTER.
   24    2.  NEITHER  THE DEPARTMENT, DISTRICT BOARDS OF EDUCATION, NOR SCHOOLS
   25  SHALL DISCLOSE ANY PERSONALLY IDENTIFIABLE STUDENT  INFORMATION  TO  ANY
   26  THIRD  PARTY  WITHOUT PARENTAL CONSENT, OR IN THE CASE OF STUDENTS EIGH-
   27  TEEN YEARS OF AGE OR OLDER THE CONSENT OF THE STUDENT, EXCEPT WHERE:
   28    (A) DISCLOSURE IS REQUIRED BY LAW; OR
   29    (B) DISCLOSURE IS PURSUANT TO A COURT ORDER OR SUBPOENA; OR
   30    (C) DISCLOSURE IS TO A THIRD PARTY PURSUANT TO A CONTRACT WHEREBY  THE
   31  ENTITY  IS  PERFORMING  ADMINISTRATIVE, TECHNICAL OR TRANSACTIONAL FUNC-
   32  TIONS THAT WOULD EITHER BE PERFORMED BY EMPLOYEES OF THE  STATE  DEPART-
   33  MENT  OF EDUCATION, DISTRICT BOARD OF EDUCATION OR SCHOOL, PROVIDED THAT
   34  SAID CONTRACTOR:
   35    (1) AGREES NOT TO DISCLOSE OR USE THE PERSONALLY IDENTIFIABLE  STUDENT
   36  INFORMATION FOR ANY OTHER PURPOSES;
   37    (2)  MAINTAINS REASONABLE ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFE-
   38  GUARDS TO PROTECT THE SECURITY, CONFIDENTIALITY  AND  INTEGRITY  OF  THE
   39  PERSONALLY IDENTIFIABLE STUDENT INFORMATION; AND
   40    (3)  INDEMNIFIES THE DEPARTMENT, DISTRICT BOARD OF EDUCATION OR SCHOOL
   41  FOR ANY DAMAGES DUE TO A VIOLATION OF THIS SECTION; OR
   42    (D) DISCLOSURE IS TO A THIRD PARTY FOR THE PURPOSE OF A RESEARCH STUDY
   43  CARRIED OUT BY OR ON THE BEHALF OF THE  DEPARTMENT,  DISTRICT  BOARD  OF
   44  EDUCATION OR SCHOOL; OR
   45    (E) DISCLOSURE IS FOR THE PURPOSE OF A STATE OR FEDERAL AUDIT OR EVAL-
   46  UATION BY ENTITIES AUTHORIZED UNDER STATE OR FEDERAL LAW; OR
   47    (F) DISCLOSURE IS NECESSARY DUE TO A HEALTH OR SAFETY EMERGENCY.
   48    3.  DETAILED  RECORDS  OF  ALL  NON-CONSENSUAL DISCLOSURES PURSUANT TO
   49  SUBDIVISION TWO OF THIS SECTION SHALL BE INCLUDED IN  THE  CORRESPONDING
   50  STUDENT'S EDUCATIONAL RECORDS.
   51    4. WHERE THE DEPARTMENT, DISTRICT BOARD OF EDUCATION OR SCHOOL MAKES A
   52  DISCLOSURE  PURSUANT TO PARAGRAPH (D) OF SUBDIVISION TWO OF THIS SECTION
   53  AND PURSUANT TO PARAGRAPH (E) OF SUBDIVISION TWO OF THIS  SECTION  WHERE
   54  PRACTICABLE,  IT  SHALL POST ON ITS WEBSITE, SEND HOME VIA MAIL AND MAKE
   55  OTHERWISE PUBLICLY AVAILABLE:
       S. 4284                             3

    1    (A) THE PARTICULAR TYPE OR TYPES OF  PERSONALLY  IDENTIFIABLE  STUDENT
    2  INFORMATION ARE TO BE DISCLOSED;
    3    (B) THE ENTITY TO WHICH THE DISCLOSURE IS TO BE MADE;
    4    (C)  THE PURPOSE OF THE STUDY, AUDIT OR EVALUATION AND WHY THE DISCLO-
    5  SURE IS NECESSARY FOR ITS COMPLETION;
    6    (D) THE SPECIFIC TIME FRAME DURING WHICH THE  PERSONALLY  IDENTIFIABLE
    7  STUDENT INFORMATION WILL BE UTILIZED AND THEN SECURELY DESTROYED;
    8    (E)  THE ENTITY'S ASSURANCE OF COMPLIANCE WITH ADMINISTRATIVE, TECHNI-
    9  CAL AND PHYSICAL SAFEGUARDS, INCLUDING ALL THE FEDERAL  AND  STATE  DATA
   10  PRIVACY  AND  DATA  SAFEGUARDING RULES THE DEPARTMENT, DISTRICT BOARD OF
   11  EDUCATION AND SCHOOLS ARE SUBJECT TO, TO PROTECT THE SECURITY, CONFIDEN-
   12  TIALITY AND INTEGRITY OF THE PERSONALLY  IDENTIFIABLE  STUDENT  INFORMA-
   13  TION; AND
   14    (F)  THE ENTITY'S INDEMNIFICATION OF THE DEPARTMENT, DISTRICT BOARD OF
   15  EDUCATION OR SCHOOL FOR ANY VIOLATION OF THIS SECTION.
   16    5. NOTIFICATION AND CONSENT FORMS SHALL INCLUDE:
   17    (A) THE SCOPE, PURPOSE AND ALLOWABLE USES OF THE PERSONALLY  IDENTIFI-
   18  ABLE STUDENT INFORMATION;
   19    (B) THE RISK OF DATA BREACHES AND THE REASONABLE ADMINISTRATIVE, TECH-
   20  NICAL  AND  PHYSICAL  SAFEGUARDS USED TO PROTECT THE SECURITY, CONFIDEN-
   21  TIALITY AND INTEGRITY OF THE PERSONALLY  IDENTIFIABLE  STUDENT  INFORMA-
   22  TION; AND
   23    (C)  INFORMATION  REGARDING WHO IS LEGALLY AND FINANCIALLY RESPONSIBLE
   24  SHOULD THERE BE A VIOLATION OF THIS SECTION.
   25    6. THE STATE COMPTROLLER SHALL CARRY  OUT  REGULAR  AUDITS  TO  ENSURE
   26  PROPER  PROCEDURES  HAVE  BEEN  USED; RELEVANT NOTIFICATIONS AND CONSENT
   27  FORMS ARE COMPLETED; AND SECURITY AND PRIVACY PROTECTIONS MEASURES  USED
   28  IN  THE  STORAGE,  TRANSMISSION  AND  USAGE  OF  PERSONALLY IDENTIFIABLE
   29  STUDENT INFORMATION  ARE  EFFECTIVE  AND  ACCURATELY  DESCRIBED  IN  THE
   30  NOTIFICATION DOCUMENTS.
   31    7.  ANY  ORGANIZATION  OR  COMPANY  FOUND  IN  VIOLATION OF ANY OF THE
   32  PROVISIONS OF THIS SECTION SHALL BE PROHIBITED FROM OBTAINING PERSONALLY
   33  IDENTIFIABLE STUDENT INFORMATION FOR A  PERIOD  OF  NO  LESS  THAN  FIVE
   34  YEARS.
   35    8.  THE  NEW  YORK  STATE ATTORNEY GENERAL SHALL HAVE THE AUTHORITY TO
   36  OVERSEE AND ENFORCE COMPLIANCE WITH THIS SECTION AND TO IMPOSE APPROPRI-
   37  ATE PENALTIES ON THOSE FOUND IN VIOLATION OF ANY OF ITS PROVISIONS.
   38    9. ANY DATA SYSTEMS MAINTAINED BY  THE  STATE  OR  DISTRICT  OR  THEIR
   39  REPRESENTATIVES  SHALL,  TO THE MAXIMUM EXTENT PRACTICABLE, CONFORM WITH
   40  THE FEDERAL TRADE COMMISSION'S DATA PRIVACY AND DATA SAFEGUARDING RULES.
   41    10. NOTHING IN THIS SECTION SHALL  LIMIT  THE  ADMINISTRATIVE  USE  OF
   42  SCHOOL  RECORDS  BY A PERSON ACTING EXCLUSIVELY IN THE PERSON'S CAPACITY
   43  AS AN EMPLOYEE OF A SCHOOL, A BOARD OF EDUCATION OR OF THE STATE OR  ANY
   44  OF  ITS POLITICAL SUBDIVISIONS, ANY COURT OR THE FEDERAL GOVERNMENT THAT
   45  DEMONSTRATES AN APPROPRIATE NEED FOR THE INFORMATION.
   46    S 2. This act shall take effect July 1, 2013 and shall apply to school
   47  years beginning with the 2013-2014 academic year.
Go to top
Page display time = 0.0896 sec