Data Privacy & Security Digital Digest_Winter 2020

Education Law 2-d Part 121 Update

The last 45-day public comment period for the proposed Part 121 regulations closed on December 9. The implementation timeline shown below is dependent upon the Board of Regents adopting the updated proposed Part 121 regulations in January. Visit the NYS Education Department’s Student Data Privacy page for the latest updates.

Comptroller’s Corner

The Office of the Comptroller conducted five Information Technology audits since October 2019. The results demonstrate a clear need for districts to address sensitive IT controls and to provide cybersecurity training for staff. Out of the five districts audited: • One district did not regularly review network user accounts and disable those that were determined to be unnecessary. • One district had hardware and software inventory records that were inaccurate and outdated. • One district had four employees using Personal Internet on computers who routinely accessed personal, private and sensitive information (PPSI). • Two districts did not monitor computer use policies or adopt adequate IT security policies. • Two districts did not develop procedures for managing, limiting and monitoring user accounts and permissions and securing personal, private and sensitive information. • Two districts did not have a disaster recovery plan.

Made with FlippingBook Learn more on our blog