This policy outlines SchoolParency’s responsibility to adopt appropriate technical and organizational security safeguards and controls to protect and maintain the confidentiality, integrity, and availability of Student, Teacher, and Principal data and any other Personally Identifiable Information we process in line with our service provision.
It is the responsibility of SchoolParency to:
SchoolParency will utilize the National Institute of Standards and Technology’s Cybersecurity Framework v 1.1 (NIST CSF or Framework) as the standard for its Data Privacy and Security Program.
The policy applies to SchoolParency personnel, consultants, and third-parties who receive or have access to SchoolParency’s data and/or data systems (”Users”).
This policy encompasses all systems, automated and manual, including systems managed or hosted by third parties on behalf of SchoolParency. It addresses all information, regardless of the form or format, which is created or used in support of the activities of SchoolParency.
This policy shall be published on the SchoolParency website, and a notice of its existence shall be provided to all Users.
SchoolParency Co-founders Eddie Jimenez and Peter Ostrander are responsible for the compliance of their programs and services with this policy, related policies, and their applicable standards, guidelines, and procedures. Instances of non-compliance will be addressed on a case-by-case basis. All cases will be documented, and personnel will be directed to adopt corrective practices, as applicable.
SchoolParency Co-founders Eddie Jimenez and Peter Ostrander shall be ultimately responsible for overseeing privacy and security activities across the business. A record of reported breaches will be held by the business, including the number and disposition of any and all reported breaches. This will include a summary of any complaints and any and all remedies are taken to mitigate the breach submitted pursuant to Education Law §2-d.
SchoolParency will respond to data privacy and security incidents efficiently and thoughtfully. SchoolParency Co-founders will determine if there is a breach. All identified breaches will be reported to the Chief Privacy Officer. For the avoidance of doubt, a breach means the unauthorized acquisition, access, use, or disclosure of student, teacher or principal PII as defined by Education law §2-d, or any SchoolParency sensitive or confidential data or a data system that stores that data, by or to a person not authorized to acquire, access, use, or receive the data.
SchoolParency will comply with legal requirements that pertain to the notification of individuals affected by a breach or unauthorized disclosure of personally identifiable information.