Data Security and Privacy

New York State Education Law 2-d gives you the right to information about how Troy CSD  safeguards student and employee data.

If at any time we learn that student and/or teacher/principal data has been compromised, parents and guardians will be notified, and the data breach will be reported to the New York State Education Department.

A breach is defined as the unauthorized acquisition, access, use, or disclosure of student personally identifiable information (PII) and/or teacher or principal PII by or to a person not authorized to acquire, access, use, or receive the student and/or teacher or principal PII.

Individuals who have concerns or wish to file a complaint about a possible breach or improper disclosure of data may do so using the form below.

Questions about data privacy and security? Contact Data Protection Officer Christina Kole at or 518-328-5454.


Submit an Unauthorized Disclosure/Breach Complaint Form

Please use the following form to file a complaint about a possible breach or improper disclosure of data. This form is designed for use by Troy CSD parents, eligible students (at least 18 years of age or older), principals, teachers, and other employees.

Please do NOT include any information in this form that would constitute personally identifiable information.



Access to Student Records

The Board of Education recognizes its legal responsibility to maintain the confidentiality of student records. As part of this responsibility, the Board will ensure that eligible students and parents/guardians have the right to inspect and review education records, the right to seek to amend
education records and the right to have some control over the disclosure of information from the education record. The procedures for ensuring these rights shall be consistent with state and federal law, including the Family Educational Rights and Privacy Act of 1974 (FERPA) and its implementing regulations.

The District will use reasonable methods to provide access to student educational records only to those authorized under the law and to authenticate the identity of the requestor. The district will document requests for and release of records, and retain the documentation in accordance with law. Furthermore, pursuant to Education Law §2-d, the district will execute agreements with third-party contractors who collect, process, store, organize, manage or analyze student personally identifiable information (PII) to ensure that the contractors comply with the law in using appropriate means to safeguard the data.

Parents/guardians or eligible students have a right to: (1) inspect and review the student’s education records; (2) request that records be amended to ensure that they are not inaccurate, misleading, or otherwise in violation of the student’s privacy rights; (3) consent to disclosure of personally identifiable information contained in the student’s education records, except to the extent that FERPA authorizes disclosure without consent; and (4) file a complaint with the United States Department of Education alleging failure of the district to comply with FERPA and its regulations; and/or file a complaint regarding a possible data breach by a third party contractor with the district and/or the New York State Education Department’s Chief Privacy Officer for failure to comply with state law.

Additionally, please be informed that: (1) that it is the district’s policy to disclose personally identifiable information from student records, without consent, to other school officials within the district whom the district has determined to have legitimate educational interests. The notice will define ‘school official’ and ‘legitimate educational interest.; (2) that, upon request, the district will disclose education records without consent to officials of another school district in which a student seeks to or intends to enroll or is actually enrolled; (3) that personally identifiable information will be released to third party authorized representatives for the purposes of educational program audit, evaluation, enforcement or compliance purposes; (4) that the district, at its discretion, releases directory information, defined as a student’s name and address, without prior consent, unless the parent/guardian or eligible student has exercised their right to prohibit release of the information without prior written consent. Objections must be in writing and delivered to the building principal. You may use the form below. Social security numbers or other personally identifiable information will not be considered directory information. The district will not sell directory information; (5) that, upon request, the district will disclose a high school student’s name, address and telephone number to military recruiters and institutions of higher learning unless the parent or secondary school student exercises their right to prohibit release of the information without prior written consent; (6) of the procedure for exercising the right to inspect, review and request amendment of student records; and , (7) that the district will provide information as a supplement to the ‘Parents’ Bill of Rights’ about third parties with which the district contracts that use or have access to personally identifiable student data.

The district may also release student education records, or the personally identifiable information contained within, without consent, where permitted under federal law and regulation. For a complete list of exceptions to FERPA’s prior consent requirements see Regulation 5500-R in our policy manual.

Download the Objection to Release of Directory Information here.