Education Law Section 2-d Compliance

New York State (NYS) Education Law 2-d Regulation has been implemented to address and provide guidance to educational agencies and third-party contractors on protecting the privacy of Personally Identifiable Information (PII) of students, as well as records pertaining to professional performance review data of teachers and principals. As part of this regulation, educational agencies must now adopt a data security and privacy program that aligns with the National Institute of Standard and Technology (NIST) Cybersecurity.

School Obligations:

  • Appoint a qualified Data Protection Officer to oversee the institution’s data and privacy
  • Create and enact Data Security and Privacy Policies
  • Perform annual security trainings for employees of educational agencies
  • Produce and share a Parent’s Bill of Rights to be included in every contract with a third-party contractor (TPC) that has access to PII
  • Enforce all third-party contractors to submit a Data Security and Privacy Plan in which they show how they will protect PII for each contract
  • Implement the NIST Cybersecurity Framework (CFS) as the basis for data security and privacy and satisfy those requirements to prove sufficient protection of PII

Third Party Contractor Obligations

  • Implement the NIST Cybersecurity Framework (CFS) as the basis for data security and privacy and satisfy those requirements to prove sufficient protection of PII
  • Comply with both Education Law-2d and its Part 121 regulations, and with the educational agency’s policy with whom it contracts
  • Limit internal access to PII to the employees and subtractors in need of data access
  • Not use or disclose of PII outside of contract authorizations
  • Maintain reasonable safeguards to protect the PII in its possession
  • Use encryption to protect PII
  • Follow the regulations set forth for the reports and notifications of breaches and unauthorized disclosures

From developing a framework to implementing your plan, M.A. Polce can help you fulfill all these requirements and get ahead of the curve. Your information is valuable and deserves to be protected. Contact us today for your free consultation!

Get Started!


You are now leaving MA Polce Consulting

MA Polce Consulting provides links to web sites of other organizations in order to provide visitors with certain information. A link does not constitute an endorsement of content, viewpoint, policies, products or services of that web site. Once you link to another web site not maintained by MA Polce Consulting, you are subject to the terms and conditions of that web site, including but not limited to its privacy policy.

You will be redirected to

Click the link above to continue or CANCEL