Has your staff been properly trained to maintain New York State Education Law Section 2-d compliance in their daily work at your organization? Regardless of the technology and controls you have in place, one unaware employee can put it all at risk.
New York State Education Law Section 2-d (more commonly known as Ed Law 2d) demands a higher level of security and data governance that organizations like yours have to follow. Compliance is complex, and there is a critical element of assessment and planning that needs to go into your compliance strategy.
In particular, you need to make sure your staff understands their role in your organization’s overall compliance efforts.
First enacted in 2014, Ed Law 2d was developed to protect the personally identifiable information (PII) of students and education professionals. The intention was to better protect this data as it was collected, accessed and stored in centralized school board databases, which were becoming targets for more and more sophisticated cyber attacks.
In 2019, new additions to Ed Law 2d were proposed, including the adoption of the National Institute for Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (CSF or Framework). Furthermore, school districts will be required to appoint at least one “protection officer”, similar to roles in education law compliance.
It’s important to recognize that Ed Law 2d isn’t limited to your technology management and processes. In the section, “Training for Educational Agency Employees”, it states:
“Educational agencies will be mandated to provide annual information privacy and security awareness training to their officers and employees who have access to PII. The training may be provided using online training tools, and may be included in other training already offered.”
Are you sure you’re compliant with Ed Law 2d? More importantly, are you sure your staff is upholding your compliance?
It doesn’t matter which types of technical safeguards you have in place if your staff doesn’t know their role in compliance.
You would be surprised how often staff members mishandle data, leaving a sensitive file in hard copy in a waiting area or open on a visible workstation screen. The fact is that your staff interacts with data more than any of your vendors or other business contacts.
Are you sure your staff knows how to maintain education law compliance?
The fact is that the best cybersecurity technology and organizations in the world can be undone by one staff member who doesn’t understand how to use them, or how to protect the data they work with.
A comprehensive compliance and cybersecurity training program (offered by NST, for example) will teach your staff how to handle a range of potential situations:
Now you know where to begin — do you need help getting your education law compliance off the ground? Try NST.
The good news is that you don’t have to handle compliance training for your team by yourself — NST is here to help. We provide robust compliance training services for our managed services clients in the education sector.
With our help, your staff will contribute to your compliance, not compromise it. Get in touch with our team to get started.