senate Bill S6007

Amended

Establishes penalties for the unauthorized release of personally identifiable information from student records and certain records of classroom teachers and building principals

download pdf

Sponsor

Co-Sponsors

view all co-sponsors

Bill Status


  • Introduced
  • In Committee
  • On Floor Calendar
    • Passed Senate
    • Passed Assembly
  • Delivered to Governor
  • Signed/Vetoed by Governor
view actions

actions

  • 11 / Dec / 2013
    • REFERRED TO RULES
  • 08 / Jan / 2014
    • REFERRED TO RULES
  • 09 / Jan / 2014
    • COMMITTEE DISCHARGED AND COMMITTED TO EDUCATION
  • 14 / Jan / 2014
    • 1ST REPORT CAL.28
  • 22 / Jan / 2014
    • AMENDED 6007A
  • 22 / Jan / 2014
    • 2ND REPORT CAL.
  • 23 / Jan / 2014
    • ADVANCED TO THIRD READING
  • 20 / Jun / 2014
    • RECOMMITTED TO RULES

Summary

Establishes penalties for the unauthorized release of personally identifiable information from student records and certain records of classroom teachers and building principals.

do you support this bill?

Bill Details

Versions:
S6007
S6007A
Legislative Cycle:
2013-2014
Current Committee:
Senate Rules
Law Section:
Education Law
Laws Affected:
Amd §305, Ed L; amd §§156.00, 156.30 & 165.45, Pen L

Sponsor Memo

BILL NUMBER:S6007

TITLE OF BILL: An act to amend the education law and the penal law,
in relation to establishing penalties for the unauthorized release of
personally identifiable information from student records and certain
records of classroom teachers and building principals

PURPOSE:

This bill enhances protections and create stricter penalties in the
case of a breach of data as it relates to the protections of
personally identifiable information of students and certain records of
teachers and building principals as they relate to annual professional
performance reviews.

SUMMARY OF PROVISIONS:

Section 1: Section 1 amends section 305 of the education law by adding
a new subdivision 43. The bill first lays out the definitions as used
within the act. Notable definitions include: "student data" which
refers to the personally identifiable information ("PII") of a
student; "teacher or principal data" which refers to the PII of
teachers and principals in regards to their annual professional
performance reviews; and "third party contractor" which refers to
persons or entities who are allowed to access such PII of students,
teachers, or principals.

The bill thereafter creates the position of Chief Privacy Officer
("CPO") within the State Education Department ("SED"). The CPO shall
be selected by the commissioner and shall be responsible for
formulating the policies and procedures as they relate to student data
or teacher or principal data. The CPO shall be required by January 1,
2014, and each January first thereafter, to submit an annual report to
the executive and legislative branches that will address issues and
updates on student data and privacy in the State.

The bill requires the CPO to work with members of the New York State
Educational Conference Board and parents to establish a Parents Bill
of Rights for Data Privacy and Security ("Parents Bill of Rights").
The Parents Bill of Rights shall be required to be signed and adhered
to by any third party contractor that enters into an agreement with an
educational agency, i.e., a district or BOCES, or the SED, where that
third party contactor receives any PII of students, teachers, or
principals. The Parents Bill of Rights is to be completed within 120
days of this bill being enacted.

The bill would also permit districts to opt-out of having the data
they are required to submit to SED due to federal and state
requirements from being uploaded to SED's statewide education data
portal ("EDP").

The bill requires that the CPO publish on SED's website a complete
list of all data elements that are collected, why such data elements
are collected, and the legal and/or regulatory authority the
department has to collect such data elements.


The bill additionally requires that any time there is a breach of
student data or teacher or principal data that the third party
contractor notify the district, parent, teacher, and/or principal, as
applicable, in the most expedient way possible and without
unreasonable delay. If a third party contractor fails to notify in the
most expedient way possible and without unreasonable delay, the third
party contractor may be subject to a class E felony as well as a civil
penalty up to $150,000.

SED is authorized to impose administrative penalties that are greater
than the penalties that the federal Family Educational Rights and
Privacy Act ("FERPA") provides. SED may prohibit a third party
contractor from accessing student data or teacher or principal data
from the district that is harmed or from any district within the state
for a fixed period of up to five years. SED may also determine that
the third party contactor is not deemed a "responsible bidder" for
purposes of submitting requests for proposals or that the third party
contractor must provide additional training to its employees in the
areas of data privacy and security. If it is determined that any
release of data was no fault of the third party contractor, the
department may make a finding that no administrative penalties should
be imposed.

The bill would also require the commissioner to establish regulations
whereby individuals may submit complaints of a possible breach of data
to the CPO.

The bill would also require SED to promulgate regulations outlining
best practices for districts to follow in regards to privacy and
security. Each district would have 90 days from enactment of this
legislation to ensure it has adopted the best practices guidelines.

Moreover, each third party contactor would be required to establish
that it has privacy protections in place when it contracts to acquire
student data or teacher or principal data in its official capacities.
The third party contractor would also have to agree in writing to
abide by the terms of the Parents Bill of Rights each time it receives
student data or teacher or principal data.

Finally, the bill outlines civil penalties that may be imposed upon a
third party contactor if they are in violation of this act.

Section 2: Section 2 creates new definitions in the penal law by
amending subdivision 7 and creating new subdivisions 10, 11, and 12 to
section 156.00 of the penal law.

Section 3: Section 3 creates a new class E felony in section 156.30 of
the penal law when a person is guilty of unlawful duplication of
computer material in the first degree with the intent to disseminate
such material.

Section 4: Section 4 adds a new subdivision 8 to section 165.45 of the
penal law.

Section 5: Section 5 sets forth an effective date that this act shall
take effect 90 days after it shall become law, provided however, the


commissioner shall have 120 days from enactment to establish a Parents
Bill of Rights.

JUSTIFICATION:

For many years it has been prerogative of school districts and the
State Education Department ("SED") to collect data on our students to
better enhance the students' educational experience and to allow for
the efficient operation of school districts. By collecting data on our
students, teachers and administrators can better formulate lesson
plans and better provide services that our students desperately need.
The data that has been collected has also been very beneficial to
parents who, in many instances, have the opportunity to quickly access
their child's grades and attendance records.

Presently, every district in the state contracts with third party
vendors to provide many of the services that benefit our children This
is not a new phenomenon. In fact, using outside vendors to provide
services to districts has been an established practice and protocol
for many years. These services include transportation, food and lunch
programs, and special education services, among many others. These
types of services would be very costly and time consuming if
individual districts had the burden of administering them exclusively.
Vendors, therefore, are a necessary component of a child's education
because most districts do not have the time, resources, or expertise
to provide the services being provided under the contract. Simply put,
if a district did not contract out for these services, our students
would not be receiving the high quality education that we should
expect for all of our students.

Consent, in certain instances, is not needed by parents or eligible
students by third party contactors that collect personally
identifiable information ("PIT") because of exceptions in the federal
Family Educational Rights and Privacy Act ("FERPA") and its
implementing regulations. These excepted circumstances are
institutional services that are necessary for the functioning of a
school district. As indicated above, without these institutional
services provided by third party contractors, school districts would
severely struggle to exist and children would be denied necessary
services.

While FERPA contains many protections to prevent PII from being
disclosed to inappropriate parties or being re-disclosed if given to a
third party contactor, FERPA should be viewed as a floor. The only
penalty available under FERPA is a five-year prohibition from
accessing data from the respective school district that the third
party contractor received the data from.

This bill would accomplish beneficial goals to enhance the protections
of our students PII. It would create greater transparency of what data
is being collected, who has access to it, and what happens to the data
when the contracted for services are completed. It would create a
Chief Privacy Officer ("CPO") to oversee student data and privacy at
the department. In addition, it creates very strict civil and criminal
penalties to act as deterrents from abuse. Importantly, this bill
would not only protect the PII of our students, but it would also


protect the PII of our teachers and principals in their annual
professional performance reviews ("APPR").

Another critical aspect of this bill is to allow districts to opt-out
of having the student, teacher, and principal data they already send
to the department based on state and federally required directives,
from being uploaded to the as-yet-complete education data portal
("EDP"). Since 2010, the Regents Reform Agenda has ambitiously changed
the educational landscape in New York through a transition to the
common core standards, common core aligned assessments, and a teacher
and principal evaluation system. While these are all important and
noteworthy steps in ensuring every student in the state receives a
high quality education, there has been considerable consternation on
the part of parents, administrators, teachers, and students at the
pace at which the Reform Agenda has been rolled out. Changes are
continually being advanced to ensure those initiatives are implemented
correctly, and notably, districts and their unions are right now going
back to the table to fine tune their APPR plans. Therefore,
districts, parents, teachers, and students simply cannot afford
another onerous obligation on top of the significant changes they are
currently undertaking.

There is no doubt that some districts would reap immediate benefits
from the EDP, however, it should at the very least be optional for
districts to take part in this mandated initiative while they continue
to deal with the already complex and time consuming implemented
aspects of the Reform Agenda. While participation in the EDP under
this legislation would be optional, it is important to note that
districts would still-as has been current practice-be obligated to
send the data they are currently required to collect to the
Department.

It is fundamental that we protect our students, teachers, and
principals PII from being used inappropriately. It is also important
that we allow districts to continue to use data responsibly in order
to provide necessary services for our students by continuing to allow
third parties to provide the services they have been providing for
many years. This bill would strike an appropriate balance between
protecting our students, teachers and principals, and allowing
districts to provide necessary services efficiently.

LEGISLATIVE HISTORY:

New bill

FISCAL IMPLICATIONS:

To be determined.

EFFECTIVE DATE:

This act shall take effect on the ninetieth day after it shall become
law, provided however, the commissioner shall have 120 days from
enactment to develop a parents bill of rights for student data and
privacy.


view bill text
                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                  6007

                       2013-2014 Regular Sessions

                            I N  S E N A T E

                            December 11, 2013
                               ___________

Introduced  by Sen. FLANAGAN -- read twice and ordered printed, and when
  printed to be committed to the Committee on Rules

AN ACT to amend the education law and the  penal  law,  in  relation  to
  establishing  penalties  for  the  unauthorized  release of personally
  identifiable information from student records and certain  records  of
  classroom teachers and building principals

  THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. Section 305 of the education law is amended by adding a new
subdivision 43 to read as follows:
  43. UNAUTHORIZED RELEASE OF PERSONALLY IDENTIFIABLE INFORMATION.
  A. AS USED IN THIS SUBDIVISION THE  FOLLOWING  TERMS  SHALL  HAVE  THE
FOLLOWING MEANINGS:
  (1)  "BUILDING PRINCIPAL" MEANS A BUILDING PRINCIPAL SUBJECT TO ANNUAL
PERFORMANCE EVALUATION REVIEW UNDER  THE  PROVISIONS  OF  SECTION  THREE
THOUSAND TWELVE-C OF THIS CHAPTER.
  (2)  "CLASSROOM TEACHER" MEANS A TEACHER SUBJECT TO ANNUAL PERFORMANCE
EVALUATION  REVIEW  UNDER  THE  PROVISIONS  OF  SECTION  THREE  THOUSAND
TWELVE-C OF THIS CHAPTER.
  (3) "EDUCATIONAL AGENCY" MEANS A SCHOOL DISTRICT, BOARD OF COOPERATIVE
EDUCATIONAL  SERVICES,  SCHOOL,  INSTITUTION  OF HIGHER EDUCATION OR THE
EDUCATION DEPARTMENT.
  (4) "INSTITUTION OF HIGHER EDUCATION" MEANS AN ENTITY WITH A CAMPUS IN
NEW YORK THAT PROVIDES HIGHER EDUCATION, AS DEFINED IN SUBDIVISION EIGHT
OF SECTION TWO OF THIS TITLE, THAT IS SUBJECT TO THE REQUIREMENTS OF THE
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT, SECTION TWELVE HUNDRED  THIR-
TY-TWO-G OF TITLE TWENTY OF THE UNITED STATES CODE.
  (5) "PERSONALLY IDENTIFIABLE INFORMATION", AS APPLIED TO STUDENT DATA,
MEANS  PERSONALLY IDENTIFIABLE INFORMATION AS DEFINED IN SECTION 99.3 OF
TITLE THIRTY-FOUR OF THE CODE OF FEDERAL  REGULATIONS  IMPLEMENTING  THE
FAMILY  EDUCATIONAL RIGHTS AND PRIVACY ACT, SECTION TWELVE HUNDRED THIR-

 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.
                                                           LBD13221-03-3

S. 6007                             2

TY-TWO-G OF TITLE TWENTY OF THE UNITED STATES CODE, AND, AS  APPLIED  TO
TEACHER OR PRINCIPAL DATA, MEANS "PERSONALLY IDENTIFYING INFORMATION" AS
SUCH  TERM IS USED IN SUBDIVISION TEN OF SECTION THREE THOUSAND TWELVE-C
OF THIS CHAPTER.
  (6)  "SCHOOL" MEANS ANY PUBLIC ELEMENTARY OR SECONDARY SCHOOL, CHARTER
SCHOOL,  UNIVERSAL  PRE-KINDERGARTEN  PROGRAM  AUTHORIZED  PURSUANT   TO
SECTION  THIRTY-SIX  HUNDRED TWO-E OF THIS CHAPTER, AN APPROVED PROVIDER
OF PRESCHOOL SPECIAL EDUCATION, ANY OTHER PUBLICLY FUNDED PRE-KINDERGAR-
TEN PROGRAM, AN APPROVED PRIVATE SCHOOL FOR THE  EDUCATION  OF  STUDENTS
WITH DISABILITIES, A STATE-SUPPORTED SCHOOL SUBJECT TO THE PROVISIONS OF
ARTICLE  EIGHTY-FIVE OF THIS CHAPTER, A STATE-OPERATED SCHOOL SUBJECT TO
THE PROVISIONS OF ARTICLE EIGHTY-SEVEN OR EIGHTY-EIGHT OF THIS CHAPTER.
  (7) "STUDENT" MEANS ANY PERSON ATTENDING OR SEEKING TO  ENROLL  IN  AN
EDUCATIONAL AGENCY.
  (8)  "ELIGIBLE  STUDENT" MEANS A STUDENT EIGHTEEN YEARS OR OLDER OR AN
EMANCIPATED MINOR. AN EMANCIPATED MINOR AS USED IN THIS  SECTION  REFERS
TO  A STUDENT AT LEAST SIXTEEN YEARS OR OLDER WHO IS NO LONGER A DEPEND-
ENT OF OR IN THE CUSTODY OF A PARENT AS DEFINED IN THIS SECTION.
  (9) "PARENT" MEANS A PARENT, LEGAL GUARDIAN,  OR  PERSON  IN  PARENTAL
RELATION TO A STUDENT.
  (10)  "STUDENT  DATA"  MEANS  PERSONALLY IDENTIFIABLE INFORMATION FROM
STUDENT RECORDS OF AN EDUCATIONAL AGENCY.
  (11) "TEACHER OR PRINCIPAL DATA" MEANS PERSONALLY IDENTIFIABLE  INFOR-
MATION  FROM THE RECORDS OF AN EDUCATIONAL AGENCY RELATING TO THE ANNUAL
PROFESSIONAL PERFORMANCE REVIEWS OF  CLASSROOM  TEACHERS  OR  PRINCIPALS
THAT  IS CONFIDENTIAL AND NOT SUBJECT TO RELEASE UNDER THE PROVISIONS OF
SECTION THREE THOUSAND TWELVE-C OF THIS CHAPTER.
  (12) "THIRD PARTY CONTRACTOR" SHALL MEAN ANY PERSON OR  ENTITY,  OTHER
THAN  AN  EDUCATIONAL  AGENCY,  THAT RECEIVES STUDENT DATA OR TEACHER OR
PRINCIPAL DATA FROM AN EDUCATIONAL AGENCY  PURSUANT  TO  A  CONTRACT  OR
OTHER  WRITTEN  AGREEMENT  FOR  PURPOSES  OF  PROVIDING SERVICES TO SUCH
EDUCATIONAL AGENCY, INCLUDING BUT NOT  LIMITED  TO  DATA  MANAGEMENT  OR
STORAGE  SERVICES,  CONDUCTING  STUDIES  FOR OR ON BEHALF OF SUCH EDUCA-
TIONAL AGENCY, OR AUDIT OR EVALUATION OF PUBLICLY FUNDED PROGRAMS.  SUCH
TERM SHALL INCLUDE AN EDUCATIONAL PARTNERSHIP ORGANIZATION THAT RECEIVES
STUDENT AND/OR PRINCIPAL DATA FROM A SCHOOL DISTRICT TO  CARRY  OUT  ITS
RESPONSIBILITIES  PURSUANT TO SECTION TWO HUNDRED ELEVEN-E OF THIS CHAP-
TER AND IS NOT AN EDUCATIONAL AGENCY AS DEFINED IN SUBPARAGRAPH THREE OF
PARAGRAPH A OF THIS SUBDIVISION, AND  A  NOT-FOR-PROFIT  CORPORATION  OR
OTHER  NON-PROFIT  ORGANIZATION,  OTHER THAN AN EDUCATIONAL AGENCY, OR A
FOR-PROFIT CORPORATION OR BUSINESS ENTITY  THAT  IS  AFFILIATED  WITH  A
CHARTER  SCHOOL AND PROVIDES MANAGEMENT AND/OR OTHER SERVICES TO SUPPORT
THE CHARTER SCHOOL IN ACCORDANCE WITH A CHARTER ISSUED PURSUANT TO ARTI-
CLE FIFTY-SIX OF THIS CHAPTER.
  B. (1) THE COMMISSIONER SHALL APPOINT A CHIEF PRIVACY  OFFICER  WITHIN
THE DEPARTMENT. THE CHIEF PRIVACY OFFICER SHALL BE QUALIFIED BY TRAINING
OR  EXPERIENCE  IN  STATE  AND  FEDERAL EDUCATION PRIVACY LAWS AND REGU-
LATIONS,  CIVIL  LIBERTIES,  ANNUAL  PROFESSIONAL  PERFORMANCE  REVIEWS,
INFORMATION  TECHNOLOGY,  AND  INFORMATION  SECURITY.  THE CHIEF PRIVACY
OFFICER SHALL REPORT TO THE COMMISSIONER ON  MATTERS  AFFECTING  PRIVACY
AND THE SECURITY OF STUDENT, TEACHER, AND PRINCIPAL DATA.
  (2)  THE FUNCTIONS OF THE CHIEF PRIVACY OFFICER SHALL INCLUDE, BUT NOT
BE LIMITED TO:
  (I) PROMOTING THE IMPLEMENTATION OF  FAIR  INFORMATION  PRACTICES  FOR
PRIVACY AND SECURITY OF STUDENT DATA OR TEACHER OR PRINCIPAL DATA;

S. 6007                             3

  (II) ASSISTING THE COMMISSIONER IN HANDLING INSTANCES OF DATA BREACHES
AS WELL AS ASSISTING THE COMMISSIONER IN DUE PROCESS PROCEEDINGS REGARD-
ING ANY ALLEGED BREACHES OF STUDENT DATA OR TEACHER OR PRINCIPAL DATA;
  (III) PROVIDING ASSISTANCE TO EDUCATIONAL AGENCIES WITHIN THE STATE ON
MINIMUM  STANDARDS  AND  BEST  PRACTICES ASSOCIATED WITH PRIVACY AND THE
SECURITY OF STUDENT DATA OR TEACHER OR PRINCIPAL DATA;
  (IV) FORMULATING A PROCEDURE WITHIN THE  DEPARTMENT  WHEREBY  PARENTS,
STUDENTS,  TEACHERS,  SUPERINTENDENTS, SCHOOL BOARD MEMBERS, PRINCIPALS,
AND OTHER PERSONS OR ENTITIES THE CHIEF PRIVACY  OFFICER  DETERMINES  IS
APPROPRIATE,  MAY  REQUEST  INFORMATION  PERTAINING  TO  STUDENT DATA OR
TEACHER OR PRINCIPAL DATA IN A TIMELY AND EFFICIENT MANNER;
  (V) ASSISTING THE COMMISSIONER IN  ESTABLISHING  A  PROTOCOL  FOR  THE
SUBMISSION OF COMPLAINTS OF POSSIBLE BREACHES OF STUDENT DATA OR TEACHER
OR PRINCIPAL DATA;
  (VI)  MAKING RECOMMENDATIONS AS NEEDED REGARDING PRIVACY AND THE SECU-
RITY OF STUDENT DATA ON BEHALF OF THE DEPARTMENT TO  THE  GOVERNOR,  THE
SPEAKER  OF THE ASSEMBLY, THE TEMPORARY PRESIDENT OF THE SENATE, AND THE
CHAIRS OF THE SENATE AND ASSEMBLY EDUCATION COMMITTEES;
  (VII) DEVELOPING, WITH INPUT  FROM  THE  NEW  YORK  STATE  EDUCATIONAL
CONFERENCE BOARD AND PARENTS, THE PARENTS BILL OF RIGHTS FOR DATA PRIVA-
CY AND SECURITY; AND
  (VIII)  ANY OTHER FUNCTIONS THAT THE COMMISSIONER SHALL DEEM APPROPRI-
ATE.
  (3) THE CHIEF PRIVACY OFFICER SHALL HAVE THE POWER TO:
  (I) ACCESS ALL RECORDS, REPORTS, AUDITS, REVIEWS,  DOCUMENTS,  PAPERS,
RECOMMENDATIONS, AND OTHER MATERIALS MAINTAINED BY AN EDUCATIONAL AGENCY
THAT RELATE TO STUDENT DATA OR TEACHER OR PRINCIPAL DATA;
  (II)  TO  REVIEW  AND  COMMENT  UPON ANY DEPARTMENT PROGRAM, PROPOSAL,
GRANT, OR CONTRACT THAT INVOLVES  THE  PROCESSING  OF  STUDENT  DATA  OR
TEACHER  OR  PRINCIPAL DATA BEFORE THE COMMISSIONER BEGINS OR AWARDS THE
PROGRAM, PROPOSAL, GRANT, OR CONTRACT; AND
  (III) ANY OTHER POWERS THAT THE COMMISSIONER SHALL DEEM APPROPRIATE.
  (4) THE CHIEF PRIVACY OFFICER SHALL SUBMIT BY JANUARY FIRST, TWO THOU-
SAND FIFTEEN, AND EACH JANUARY FIRST THEREAFTER, A  REPORT  OUTLINING  A
SUMMARY OF ACTIVITIES, RECOMMENDATIONS, COMPLAINTS, AND STATUTORY, REGU-
LATORY  OR  DEPARTMENTAL CHANGES PERTAINING TO THE PROTECTION OF STUDENT
DATA OR TEACHER OR PRINCIPAL DATA. THE  REPORT  SHALL  BE  SUBMITTED  ON
BEHALF  OF  THE DEPARTMENT TO THE GOVERNOR, THE SPEAKER OF THE ASSEMBLY,
THE TEMPORARY PRESIDENT OF THE SENATE, AND THE CHAIRS OF THE SENATE  AND
ASSEMBLY  EDUCATION  COMMITTEES.  THE REPORT SHALL ALSO BE MADE PUBLICLY
AVAILABLE ON THE DEPARTMENT'S WEBSITE.
  (5) THE CHIEF PRIVACY OFFICER MAY HOLD MORE THAN ONE  POSITION  WITHIN
THE  DEPARTMENT;  PROVIDED  HOWEVER,  THAT  NO  ADDITIONAL POSITION WILL
INTERFERE WITH THE DUTIES OF THE CHIEF PRIVACY OFFICER OUTLINED IN  THIS
PARAGRAPH.
  C.  (1)  THE  CHIEF PRIVACY OFFICER SHALL DEVELOP, WITH INPUT FROM THE
NEW YORK STATE EDUCATIONAL CONFERENCE BOARD AND PARENTS, A PARENTS  BILL
OF  RIGHTS FOR DATA PRIVACY AND SECURITY. THE PARENTS BILL OF RIGHTS FOR
DATA PRIVACY AND SECURITY SHALL BE  INCLUDED  WITH  EVERY  CONTRACT  THE
DEPARTMENT OR EDUCATIONAL AGENCY ENTERS INTO WITH A THIRD PARTY CONTRAC-
TOR WHERE THE THIRD PARTY CONTRACTOR RECEIVES STUDENT DATA OR TEACHER OR
PRINCIPAL  DATA.    EVERY  THIRD  PARTY  CONTRACTOR  THAT  ENTERS INTO A
CONTRACT WITH THE DEPARTMENT OR AN EDUCATIONAL AGENCY  WHERE  THE  THIRD
PARTY  CONTRACTOR  RECEIVES  STUDENT  DATA  OR TEACHER OR PRINCIPAL DATA
SHALL BE REQUIRED TO AGREE IN WRITING TO ABIDE  BY  THE  PROVISIONS  SET
FORTH  IN THE PARENTS BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY. AT A

S. 6007                             4

MINIMUM, THE PARENTS BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY  SHALL
INCLUDE:
  (I)  WHO  THE  EXCLUSIVE  PERSONS OR ENTITIES ARE THAT THE THIRD PARTY
CONTRACTOR WILL SHARE THE STUDENT DATA  OR  TEACHER  OR  PRINCIPAL  DATA
WITH, IF ANY;
  (II)  WHEN  THE AGREEMENT EXPIRES AND WHAT HAPPENS TO THE STUDENT DATA
OR TEACHER OR PRINCIPAL DATA UPON EXPIRATION OF THE AGREEMENT;
  (III) IF AND HOW A PARENT, STUDENT, ELIGIBLE STUDENT, TEACHER OR PRIN-
CIPAL MAY CHALLENGE THE ACCURACY OF THE STUDENT DATA OR TEACHER OR PRIN-
CIPAL DATA THAT IS COLLECTED;
  (IV) WHERE THE STUDENT DATA OR  TEACHER  OR  PRINCIPAL  DATA  WILL  BE
STORED,  AND  THE SECURITY PROTECTIONS TAKEN TO ENSURE SUCH DATA WILL BE
PROTECTED, INCLUDING WHETHER SUCH DATA WILL BE ENCRYPTED; AND
  (V) THE EXCLUSIVE PURPOSES FOR WHICH THE STUDENT DATA  OR  TEACHER  OR
PRINCIPAL DATA WILL BE USED.
  (2) THE COMMISSIONER SHALL PROMULGATE REGULATIONS FOR A COMMENT PERIOD
WHEREBY PARENTS MAY SUBMIT COMMENTS AND SUGGESTIONS TO THE CHIEF PRIVACY
OFFICER TO BE CONSIDERED FOR INCLUSION IN THE PARENTS BILL OF RIGHTS FOR
STUDENT DATA PRIVACY AND SECURITY.
  (3)  THE  DEPARTMENT SHALL POST THE PARENTS BILL OF RIGHTS FOR STUDENT
DATA PRIVACY AND SECURITY ON THE DEPARTMENT'S WEBSITE. EACH  EDUCATIONAL
AGENCY  THAT HAS AN INTERNET WEBSITE SHALL ALSO POST THE PARENTS BILL OF
RIGHTS FOR STUDENT DATA AND SECURITY ON ITS WEBSITE.
  (4) THE PARENTS BILL OF RIGHTS FOR STUDENT DATA PRIVACY  AND  SECURITY
SHALL  BE  COMPLETED  WITHIN ONE HUNDRED TWENTY DAYS AFTER THE EFFECTIVE
DATE OF THIS SUBDIVISION.
  D. (1) EACH EDUCATIONAL AGENCY SHALL BE ABLE TO OPT-OUT OF HAVING  THE
STUDENT  DATA  OR  TEACHER  OR  PRINCIPAL DATA THAT THEY ARE REQUIRED TO
REPORT TO THE DEPARTMENT THROUGH STATE OR FEDERAL LAW OR REGULATION FROM
BEING UPLOADED BY THE DEPARTMENT TO THE  DEPARTMENT'S  EDUCATIONAL  DATA
PORTAL.
  (2)  NOTHING  IN  THIS  PARAGRAPH SHALL ALLOW AN EDUCATIONAL AGENCY TO
FAIL TO COMPLY WITH ANY  STUDENT  DATA  OR  TEACHER  OR  PRINCIPAL  DATA
REPORTING REQUIREMENTS TO THE DEPARTMENT AS REQUIRED BY STATE OR FEDERAL
LAW OR REGULATION.
  E.  THE  CHIEF  PRIVACY  OFFICER  SHALL MAKE PUBLICLY AVAILABLE ON THE
DEPARTMENT'S WEBSITE A COMPLETE LIST OF ALL STUDENT OR TEACHER OR  PRIN-
CIPAL  DATA ELEMENTS COLLECTED WITH AN EXPLANATION AND/OR LEGAL OR REGU-
LATORY AUTHORITY OUTLINING THE REASONS SUCH DATA ELEMENTS ARE COLLECTED.
  F. (1) EACH THIRD PARTY  CONTRACTOR  THAT  RECEIVES  STUDENT  DATA  OR
TEACHER OR PRINCIPAL DATA PURSUANT TO A CONTRACT OR OTHER WRITTEN AGREE-
MENT  WITH AN EDUCATIONAL AGENCY SHALL BE REQUIRED TO NOTIFY SUCH EDUCA-
TIONAL AGENCY OF ANY BREACH OF SECURITY  RESULTING  IN  AN  UNAUTHORIZED
RELEASE  OF  SUCH  DATA IN VIOLATION OF APPLICABLE STATE OR FEDERAL LAW,
THE PARENTS BILL OF RIGHTS FOR STUDENT DATA PRIVACY  AND  SECURITY,  THE
DATA  PRIVACY  AND  SECURITY  POLICIES  OF THE EDUCATIONAL AGENCY AND/OR
BINDING CONTRACTUAL OBLIGATIONS RELATING TO DATA PRIVACY  AND  SECURITY,
IN  THE  MOST  EXPEDIENT  WAY POSSIBLE AND WITHOUT REASONABLE DELAY. THE
EDUCATIONAL AGENCY SHALL, UPON NOTIFICATION BY THE THIRD PARTY  CONTRAC-
TOR,  BE REQUIRED TO REPORT TO THE CHIEF PRIVACY OFFICER ANY SUCH BREACH
OF SECURITY AND UNAUTHORIZED RELEASE OF SUCH DATA  AND  TO  REPORT  SUCH
BREACH AND UNAUTHORIZED RELEASE TO LAW ENFORCEMENT IN THE MOST EXPEDIENT
WAY POSSIBLE AND WITHOUT UNREASONABLE DELAY.
  (2) IN THE CASE OF AN UNAUTHORIZED RELEASE OF STUDENT DATA, THE EDUCA-
TIONAL  AGENCY, OR THE THIRD PARTY CONTRACTOR INVOLVED, SHALL NOTIFY THE
PARENT OR ELIGIBLE STUDENT OF THE UNAUTHORIZED RELEASE OF  STUDENT  DATA

S. 6007                             5

THAT  INCLUDES  PERSONALLY  IDENTIFIABLE  INFORMATION  FROM  THE STUDENT
RECORDS OF SUCH STUDENT IN THE MOST EXPEDIENT WAY POSSIBLE  AND  WITHOUT
UNREASONABLE DELAY. IN THE CASE OF AN UNAUTHORIZED RELEASE OF TEACHER OR
PRINCIPAL  DATA,  THE  EDUCATIONAL AGENCY, OR THE THIRD PARTY CONTRACTOR
INVOLVED, SHALL NOTIFY EACH AFFECTED TEACHER OR PRINCIPAL OF  THE  UNAU-
THORIZED  RELEASE OF DATA THAT INCLUDES PERSONALLY IDENTIFIABLE INFORMA-
TION FROM THE TEACHER OR  PRINCIPAL'S  ANNUAL  PROFESSIONAL  PERFORMANCE
REVIEW  IN  THE  MOST  EXPEDIENT  WAY  POSSIBLE AND WITHOUT UNREASONABLE
DELAY.
  (3) FAILURE TO  NOTIFY  AGAINST  PUBLIC  POLICY.  (I)  A  THIRD  PARTY
CONTRACTOR  SHALL  NOT  FAIL TO NOTIFY THE EDUCATIONAL AGENCY OR PARENT,
ELIGIBLE STUDENT, TEACHER OR PRINCIPAL, AS APPLICABLE, IN THE MOST EXPE-
DIENT WAY POSSIBLE AND WITHOUT UNREASONABLE DELAY.
  (II) EACH VIOLATION OF CLAUSE (I) OF THIS SUBPARAGRAPH  SHALL  CONSTI-
TUTE A CLASS E FELONY, AND SHALL BE PUNISHABLE BY A CIVIL PENALTY OF THE
GREATER  OF  FIVE  THOUSAND DOLLARS OR UP TO TEN DOLLARS PER INSTANCE OF
FAILED NOTIFICATION, PROVIDED THAT THE LATTER AMOUNT  SHALL  NOT  EXCEED
ONE HUNDRED FIFTY THOUSAND DOLLARS.
  G. IF THE CHIEF PRIVACY OFFICER DETERMINES THAT A THIRD PARTY CONTRAC-
TOR,  IN  VIOLATION OF APPLICABLE STATE OR FEDERAL LAW, THE DATA PRIVACY
AND SECURITY POLICIES OF THE EDUCATIONAL AGENCY AND/OR BINDING  CONTRAC-
TUAL  OBLIGATIONS RELATING TO DATA PRIVACY AND SECURITY, HAS RE-RELEASED
ANY STUDENT DATA OR TEACHER OR PRINCIPAL DATA RECEIVED  FROM  AN  EDUCA-
TIONAL  AGENCY  TO ANY PERSON OR ENTITY NOT AUTHORIZED BY LAW TO RECEIVE
SUCH DATA PURSUANT TO A LAWFUL SUBPOENA OR OTHERWISE, THE CHIEF  PRIVACY
OFFICER,  AFTER  AFFORDING THE THIRD PARTY CONTRACTOR WITH NOTICE AND AN
OPPORTUNITY TO BE HEARD, SHALL BE AUTHORIZED TO:
  (1) ORDER THAT THE THIRD PARTY CONTRACTOR BE PRECLUDED FROM  ACCESSING
STUDENT  DATA  OR  TEACHER  OR  PRINCIPAL  DATA, AS APPLICABLE, FROM THE
EDUCATIONAL AGENCY FROM WHICH THE CONTRACTOR OBTAINED THE DATA THAT  WAS
IMPROPERLY DISCLOSED FOR A FIXED PERIOD OF UP TO FIVE YEARS; AND/OR
  (2)  ORDER  THAT A THIRD PARTY CONTRACTOR WHO KNOWINGLY AND RECKLESSLY
ALLOWS FOR THE UNAUTHORIZED RELEASE OF STUDENT DATA OR TEACHER OR  PRIN-
CIPAL  DATA BE PRECLUDED FROM ACCESSING STUDENT DATA OR TEACHER OR PRIN-
CIPAL DATA FROM ANY EDUCATIONAL AGENCY IN THE STATE FOR A  FIXED  PERIOD
OF UP TO FIVE YEARS; AND/OR
  (3) ORDER, IN THE CASE OF AN EDUCATIONAL AGENCY THAT IS A PUBLIC AGEN-
CY  SUBJECT  TO  COMPETITIVE  BIDDING  REQUIREMENTS,  THAT A THIRD PARTY
CONTRACTOR WHO KNOWINGLY AND  RECKLESSLY  ALLOWS  FOR  THE  UNAUTHORIZED
RELEASE  OF  STUDENT  DATA  OR TEACHER OR PRINCIPAL DATA, THAT THE THIRD
PARTY CONTRACTOR SHALL NOT BE DEEMED A RESPONSIBLE BIDDER OR OFFERER  ON
ANY  CONTRACT  WITH  THE  EDUCATIONAL  AGENCY  FROM WHICH THE CONTRACTOR
OBTAINED THE DATA THAT WAS IMPROPERLY DISCLOSED THAT INVOLVES THE  SHAR-
ING  OF  STUDENT  DATA  OR  TEACHER OR PRINCIPAL DATA, AS APPLICABLE FOR
PURPOSES OF THE PROVISIONS OF SECTION ONE HUNDRED THREE OF  THE  GENERAL
MUNICIPAL  LAW  OR PARAGRAPH C OF SUBDIVISION TEN OF SECTION ONE HUNDRED
SIXTY-THREE OF THE STATE FINANCE LAW, AS APPLICABLE, FOR A FIXED  PERIOD
OF UP TO FIVE YEARS; AND/OR
  (4)  REQUIRE  THE  THIRD  PARTY  CONTRACTOR TO PROVIDE TRAINING AT THE
CONTRACTOR'S EXPENSE ON THE FEDERAL AND STATE  LAW  GOVERNING  CONFIDEN-
TIALITY  OF  STUDENT  DATA  AND/OR  TEACHER  OR  PRINCIPAL  DATA AND THE
PROVISIONS OF THIS SUBDIVISION TO ALL ITS OFFICERS  AND  EMPLOYEES  WITH
ACCESS  TO  SUCH  DATA,  PRIOR  TO BEING PERMITTED TO RECEIVE SUBSEQUENT
ACCESS TO SUCH DATA FROM THE EDUCATIONAL AGENCY FROM WHICH THE  CONTRAC-
TOR  OBTAINED  THE DATA THAT WAS IMPROPERLY DISCLOSED OR FROM ANY EDUCA-
TIONAL AGENCY; AND/OR

S. 6007                             6

  (5) IF IT IS DETERMINED THAT THE UNAUTHORIZED RELEASE OF STUDENT  DATA
OR  TEACHER  OR PRINCIPAL DATA ON THE PART OF THE THIRD PARTY CONTRACTOR
WAS INADVERTENT AND DONE WITHOUT INTENT OR GROSS NEGLIGENCE, THE COMMIS-
SIONER MAY DETERMINE THAT NO PENALTY BE  ISSUED  UPON  THE  THIRD  PARTY
CONTRACTOR.
  H.  THE  COMMISSIONER, IN CONSULTATION WITH THE CHIEF PRIVACY OFFICER,
SHALL PROMULGATE REGULATIONS ESTABLISHING PROCEDURES  TO  IMPLEMENT  THE
PROVISIONS  OF THIS SUBDIVISION, INCLUDING BUT NOT LIMITED TO PROCEDURES
FOR THE SUBMISSION OF COMPLAINTS FROM PARENTS AND/OR PERSONS IN PARENTAL
RELATION TO STUDENTS, CLASSROOM  TEACHERS  OR  BUILDING  PRINCIPALS,  OR
OTHER  STAFF  OF  AN  EDUCATIONAL AGENCY, MAKING ALLEGATIONS OF IMPROPER
DISCLOSURE OF STUDENT DATA AND/OR TEACHER OR PRINCIPAL DATA BY  A  THIRD
PARTY CONTRACTOR OR ITS OFFICERS OR EMPLOYEES THAT MAY BE SUBJECT TO THE
SANCTIONS  SET FORTH IN PARAGRAPH G OF THIS SUBDIVISION. UPON RECEIPT OF
A COMPLAINT OR  OTHER  INFORMATION  INDICATING  THAT  SUCH  AN  IMPROPER
DISCLOSURE  BY  A  THIRD  PARTY  CONTRACTOR MAY HAVE OCCURRED, THE CHIEF
PRIVACY OFFICER SHALL BE AUTHORIZED TO INVESTIGATE, VISIT,  EXAMINE  AND
INSPECT  THE  THIRD  PARTY CONTRACTOR'S FACILITIES AND RECORDS AND ISSUE
ANY SUBPOENAS DEEMED NECESSARY TO OBTAIN DOCUMENTATION FROM, OR  REQUIRE
THE  TESTIMONY OF, ANY PARTY RELATING TO THE ALLEGED IMPROPER DISCLOSURE
OF STUDENT DATA OR TEACHER OR PRINCIPAL DATA.
  I. THE COMMISSIONER, IN CONSULTATION WITH THE CHIEF  PRIVACY  OFFICER,
SHALL  PROMULGATE  REGULATIONS ESTABLISHING MINIMUM STANDARDS FOR EDUCA-
TIONAL AGENCY DATA SECURITY AND PRIVACY POLICIES AND SHALL  DEVELOP  ONE
OR MORE MODEL POLICIES FOR USE BY EDUCATIONAL AGENCIES. EACH EDUCATIONAL
AGENCY,  BY  NO  LATER THAN NINETY DAYS AFTER THE EFFECTIVE DATE OF THIS
SUBDIVISION, SHALL ENSURE THAT IT HAS A  POLICY  ON  DATA  SECURITY  AND
PRIVACY  IN  PLACE  THAT IS CONSISTENT WITH APPLICABLE STATE AND FEDERAL
LAWS AND APPLIES TO STUDENT DATA AND, WHERE APPLICABLE,  TO  TEACHER  OR
PRINCIPAL  DATA.  SUCH  POLICY  SHALL BE PUBLISHED ON THE WEBSITE OF THE
EDUCATIONAL AGENCY, IF SUCH EDUCATIONAL AGENCY HAS AN INTERNET  WEBSITE,
AND  NOTICE OF SUCH POLICY SHALL BE PROVIDED TO ALL OFFICERS AND EMPLOY-
EES OF THE EDUCATIONAL AGENCY. AS APPLIED TO STUDENT DATA,  SUCH  POLICY
SHALL  PROVIDE  ALL  PROTECTIONS  AFFORDED  TO  PARENTS  AND  PERSONS IN
PARENTAL RELATIONSHIPS, OR STUDENTS WHERE APPLICABLE, REQUIRED UNDER THE
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT, SECTION TWELVE HUNDRED  THIR-
TY-TWO-G OF TITLE TWENTY OF THE UNITED STATES CODE, WHERE APPLICABLE THE
INDIVIDUALS  WITH DISABILITIES EDUCATION ACT, SECTIONS FOURTEEN HUNDRED,
ET. SEQ. OF TITLE TWENTY OF THE UNITED  STATES  CODE,  AND  THE  FEDERAL
REGULATIONS  IMPLEMENTING  SUCH  STATUTES. EACH EDUCATIONAL AGENCY SHALL
ENSURE THAT IT HAS IN PLACE PROVISIONS IN ITS CONTRACTS WITH THIRD PARTY
CONTRACTORS OR IN SEPARATE DATA SHARING AND  CONFIDENTIALITY  AGREEMENTS
THAT  REQUIRE THAT CONFIDENTIALITY OF THE SHARED STUDENT DATA OR TEACHER
OR PRINCIPAL DATA BE MAINTAINED IN ACCORDANCE WITH FEDERAL AND STATE LAW
AND THE EDUCATIONAL AGENCY'S POLICY ON DATA SECURITY AND PRIVACY.
  J. EACH EDUCATIONAL AGENCY THAT ENTERS INTO A CONTRACT OR OTHER  WRIT-
TEN  AGREEMENT WITH A THIRD PARTY CONTRACTOR UNDER WHICH THE THIRD PARTY
CONTRACTOR WILL RECEIVE STUDENT DATA OR TEACHER OR PRINCIPAL DATA  SHALL
ENSURE  THAT  SUCH  CONTRACT  OR  AGREEMENT  INCLUDE A DATA SECURITY AND
PRIVACY PLAN THAT OUTLINES HOW ALL STATE, FEDERAL, AND LOCAL DATA  SECU-
RITY AND PRIVACY CONTRACT REQUIREMENTS WILL BE IMPLEMENTED OVER THE LIFE
OF THE CONTRACT, CONSISTENT WITH THE EDUCATIONAL AGENCY'S POLICY ON DATA
SECURITY  AND PRIVACY. SUCH PLAN SHALL INCLUDE, BUT SHALL NOT BE LIMITED
TO, A SIGNED COPY OF THE PARENTS BILL OF RIGHTS  FOR  DATA  PRIVACY  AND
SECURITY,  AND A REQUIREMENT THAT ANY OFFICERS OR EMPLOYEES OF THE THIRD
PARTY CONTRACTOR WHO HAVE ACCESS TO STUDENT DATA OR TEACHER OR PRINCIPAL

S. 6007                             7

DATA HAVE RECEIVED OR WILL RECEIVE TRAINING ON THE FEDERAL AND STATE LAW
GOVERNING CONFIDENTIALITY OF SUCH DATA PRIOR TO RECEIVING ACCESS.
  K.  (1)(I)  EACH VIOLATION OF ANY PROVISION OF THIS SECTION BY A THIRD
PARTY CONTRACTOR SHALL BE PUNISHABLE BY A CIVIL PENALTY  OF  UP  TO  ONE
THOUSAND  DOLLARS; A SECOND VIOLATION BY THE SAME THIRD PARTY CONTRACTOR
INVOLVING THE SAME STUDENT DATA OR TEACHER OR PRINCIPAL  DATA  SHALL  BE
PUNISHABLE BY A CIVIL PENALTY OF UP TO FIVE THOUSAND DOLLARS; ANY SUBSE-
QUENT  VIOLATION  BY  THE SAME THIRD PARTY CONTRACTOR INVOLVING THE SAME
STUDENT DATA OR TEACHER OR PRINCIPAL DATA SHALL BE PUNISHABLE BY A CIVIL
PENALTY OF UP TO TEN THOUSAND DOLLARS.
  (II) EACH VIOLATION OF THIS SUBDIVISION SHALL BE CONSIDERED A SEPARATE
VIOLATION FOR PURPOSES OF CIVIL PENALTIES.
  (2) THE ATTORNEY GENERAL SHALL HAVE THE AUTHORITY TO  ENFORCE  COMPLI-
ANCE WITH THIS SECTION BY INVESTIGATION AND SUBSEQUENT COMMENCEMENT OF A
CIVIL ACTION TO SEEK CIVIL PENALTIES FOR VIOLATIONS OF THIS SECTION, AND
TO  SEEK  APPROPRIATE  INJUNCTIVE  RELIEF. IN CARRYING OUT SUCH INVESTI-
GATION AND IN MAINTAINING SUCH CIVIL ACTION LOCAL  LAW  ENFORCEMENT  ARE
AUTHORIZED  TO SUBPOENA WITNESSES, COMPEL THEIR ATTENDANCE, EXAMINE THEM
UNDER OATH AND REQUIRE THAT ANY BOOKS, RECORDS,  DOCUMENTS,  PAPERS,  OR
ELECTRONIC  RECORDS  RELEVANT  OR MATERIAL TO THE INQUIRY BE TURNED OVER
FOR INSPECTION, EXAMINATION OR AUDIT, PURSUANT TO THE CIVIL PRACTICE LAW
AND RULES.
  (3) NOTHING CONTAINED IN THIS SUBDIVISION SHALL BE CONSTRUED AS CREAT-
ING A PRIVATE RIGHT OF ACTION AGAINST THE DEPARTMENT OR  AN  EDUCATIONAL
AGENCY.
  L.  NOTHING  IN  THIS  SECTION  SHALL  LIMIT THE ADMINISTRATIVE USE OF
STUDENT DATA OR TEACHER OR PRINCIPAL DATA BY A PERSON ACTING EXCLUSIVELY
IN THE PERSON'S CAPACITY AS AN EMPLOYEE OF AN EDUCATIONAL AGENCY  OR  OF
THE STATE OR ANY OF ITS POLITICAL SUBDIVISIONS, ANY COURT OR THE FEDERAL
GOVERNMENT THAT IS OTHERWISE REQUIRED BY LAW.
  S  2.  Subdivision  7  of section 156.00 of the penal law, as added by
chapter 558 of the laws of 2006, is amended and three  new  subdivisions
10, 11 and 12 are added to read as follows:
  7.  "Access"  means  to  instruct,  communicate  with,  store data in,
retrieve from, or otherwise make use of any  resources  of  a  computer,
physically,  directly or by electronic means; INCLUDING DISSEMINATION OF
DATA.
  10. "EDUCATIONAL AGENCY" MEANS AN EDUCATIONAL AGENCY AS SUCH  TERM  IS
DEFINED  IN SUBDIVISION FORTY-THREE OF SECTION THREE HUNDRED FIVE OF THE
EDUCATION LAW. AN EDUCATIONAL AGENCY AS SO DEFINED  SHALL  BE  DEEMED  A
GOVERNMENTAL INSTRUMENTALITY FOR PURPOSES OF THIS ARTICLE.
  11. "THIRD PARTY CONTRACTOR" MEANS A THIRD PARTY CONTRACTOR AS DEFINED
IN  SUBDIVISION  FORTY-THREE OF SECTION THREE HUNDRED FIVE OF THE EDUCA-
TION LAW.
  12. "EDUCATIONAL  COMPUTER  MATERIAL"  MEANS  PERSONALLY  IDENTIFIABLE
INFORMATION  FROM  STUDENT  RECORDS  OR CONFIDENTIAL ANNUAL PROFESSIONAL
PERFORMANCE REVIEWS OF CLASSROOM TEACHERS OR  PRINCIPALS,  OF  A  SCHOOL
DISTRICT, BOARD OF COOPERATIVE EDUCATIONAL SERVICES, SCHOOL, INSTITUTION
OF HIGHER EDUCATION, OR THE STATE EDUCATION DEPARTMENT.
  S 3. Section 156.30 of the penal law, as amended by chapter 590 of the
laws of 2008, is amended to read as follows:
S 156.30 Unlawful  duplication of computer related material in the first
           degree.
  A person is guilty of unlawful duplication of computer related MATERI-
AL in the first degree [material] when having no right to do so,  he  or
she copies, reproduces or duplicates in any manner:

S. 6007                             8

  1. any computer data or computer program and thereby intentionally and
wrongfully  deprives  or  appropriates from an owner thereof an economic
value or benefit in excess of two thousand five hundred dollars;[or]
  2.  any  computer data or computer program with an intent to commit or
attempt to commit or further the commission of any felony[.]; OR
  3. EDUCATIONAL COMPUTER MATERIAL WITH THE  INTENT  TO  DISSEMINATE  IN
VIOLATION OF SECTION THREE HUNDRED FIVE OF THE EDUCATION LAW.
  Unlawful  duplication of computer related material in the first degree
is a class E felony.
  S 4. Section 165.45 of the penal law is amended by adding a new subdi-
vision 8 to read as follows:
  8. THE PROPERTY CONSISTS OF EDUCATIONAL COMPUTER MATERIAL  AS  DEFINED
IN ARTICLE ONE HUNDRED FIFTY-SIX OF THIS CHAPTER.
  S  5.  This  act shall take effect on the ninetieth day after it shall
have become a law, provided,  however,  the  commissioner  of  education
shall  within  one  hundred  twenty days after it shall have become law,
develop a parents bill of rights for student data privacy and security.

Comments

Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.

By contributing or voting you agree to the Terms of Participation and verify you are over 13.