← Privacy policy

New York requires every third party that handles student PII to publish a Parents’ Bill of Rights, sign a written Data Privacy & Security Plan, and notify the NYSED Chief Privacy Officer within 7 calendar days of discovering a breach.

What LeagueForge does to comply

• Sign a Data Privacy and Security Plan with each NY school district.
• Adopt the school district’s Parents’ Bill of Rights and add the §121.3 supplemental information.
• Encrypt PII in transit and at rest.
• Notify the district’s Data Protection Officer within 7 days of a confirmed breach.

Parent & student rights

• Inspect and review education records.
• Challenge inaccuracy and request correction within 30 days.
• File complaints with the district’s DPO or with privacy@nysed.gov.

Breach notification

Within 7 calendar days of a confirmed breach to the district; the district then has 60 days to notify parents.

Resources

• Parents' Bill of Rights template
• NYSED Data Privacy & Security

Need help?

School administrators in New York can email privacy@leagueforge.gg for a ready-to-sign DPA pre-built for your state.