As required by 121.12 of the Regulations of the Commissioner of Education of the New York State Education Department, titled "Strengthening Data Privacy and Security in NY State Educational Agencies to Protect Personally Identifiable Information", parents shall have the following rights to the data of their children:
- Consistent with the obligations of the educational agency under FERPA, parents and eligible students shall have the right to inspect and review a student's education record by making a request directly to the educational agency in a manner prescribed by the educational agency.
- An educational agency shall ensure that only authorized individuals are able to inspect and review student data. To that end, educational agencies shall take steps to verify the identity of parents or eligible students who submit requests to inspect and review an education record and verify the individual's authority to do so.
- Requests by a parent or eligible student for access to a student's education records must be directed to an educational agency and not to a third-party contractor. An educational agency may require that requests to inspect and review education records be made in writing.
- Educational agencies are required to notify parents annually of their right to request to inspect and review their child's education record including any student data stored or maintained by an educational agency. A notice issued by an educational agency to comply with the FERPA annual notice requirement shall be deemed to satisfy this requirement. Two separate annual notices shall not be required.
- Educational agencies shall comply with a request for access to records within a reasonable period, but not more than 45 calendar days after receipt of a request.
- Educational agencies may provide the records to a parent or eligible student electronically, if the parent consents to such a delivery method. The educational agency must transmit the personally identifiable information in a way that complies with State and federal law and regulations. Safeguards associated with industry standards and best practices, including but not limited to, encryption and password protection, must be in place when education records requested by a parent or eligible student are electronically transmitted.