The Children’s Day Program at CDD is committed to protecting the privacy and security of each and every student’s data. Parent’s/legal guardians should be aware of the following rights they have concerning their child’s data:

  1. A student’s personally identifiable information (PII) cannot be sold or released for any commercial purpose.


  1. Parents have the right to inspect and review the complete contents of their child’s education record.


  1. State and federal laws such as Education Law § 2-d; the Commissioner of Education’s Regulations at 8 NYCRR Part 121, the Family Educational Rights and Privacy Act ("FERPA") at 12 U.S.C. 1232g (34 CFR Part 99); Children's Online Privacy Protection Act ("COPPA") at 15 U.S.C. 6501-6502 (16 CFR Part 312); Protection of Pupil Rights Amendment ("PPRA") at 20 U.S.C. 1232h (34 CFR Part 98); the Individuals with Disabilities Education Act (“IDEA”) at 20 U.S.C. 1400 et seq. (34 CFR Part 300); protect the confidentiality of a student’s identifiable information. Safeguards associated with industry standards and best practices including but not limited to encryption, firewalls and password protection must be in place when student PII is stored or transferred.


  1. A complete list of all student data elements collected by NYSED is available for public review at: 0.pdf or by writing to the Office of Information and Reporting Services, New York State Education Department, Room 863 EBA,89 Washington Avenue, Albany, NY 12234.


  1. Parent have the right to complain about possible breaches and unauthorized disclosures of PII addressed. Complaints may be submitted to CDD. CDD shall provide a response detailing its findings from the investigations no more than sixty days after receipt of the complaint. Complaints pertaining to the State Education Department or one of its third party vendors should be directed in writing to:

 Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234; by email to; or by telephone at 518-474- 0937.


  1. In accordance with applicable laws and regulations if a breach or unauthorized release of PII occurs third party contractors are required to notify CDP within seven days of discovery.


  1. The Center for Developmental Disabilities and Children’s Day Program staff that handle PII will receive training on applicable state and federal laws, policies, and safeguards associated with industry standards and best practices that protect PII.


  1. The Center for Developmental Disabilities and Children’s Day Program contracts with vendors that receive PII and will address statutory and regulatory data privacy and security requirements.


  1. Parents may access the State Education Department’s Parents’ Bill of Rights at: 1.pdf