Laura Samulski-Peters
Data Protection Officer

DataPrivacy

All vendors and community partners who will need access to Student PII (including digital or paper-based) or Teacher APPR must complete a Data Privacy Agreement. This form includes information pertaining to the purpose of the data collection, subcontractor oversight, contract duration, data destruction, data accuracy, data protection, and encryption practices. If your company is a member of the A4L Student Data Privacy Consortium, please email DataPrivacy@buffaloschools.org before submitting this form.

To ensure a smooth process, please include the following:

• DO ensure that you are legally authorized to sign on behalf of your company/organization;

• DO include the BPS District Contact (a BPS staff member);

• DO discuss with your district contact which types of information you are approved to access and identify only those under Data Requested;

• DO discuss with your district contact what sources you are approved to access and identify only those under Data Sources Requested (BPS emails are reserved for vendors providing direct services on behalf of the district);

• DO include a valid Start Date: Use the start date of your contract or agreement (MOU) for services with the district (the date should not be before the date of your signature- no backdating);

• DO include a valid End Date: Please use the end date of June 30 of the following year unless your contract ends before that date and then you will use the end date of your contract or agreement (MOU) for services with district;

• DO NOT include any links within your responses but include all information in the written narrative response or as an exhibit with references (DO NOT overfill textboxes by using lengthy bullets or copy/paste text into the form);

• DO NOT provide N/A as a response but provide a brief explanation instead. 

Once approved, you will receive notifications through Adobe sign as we execute the agreement. Please note that it is the responsibility of the Vendor completing the DPA to ensure that all third-party subcontractors comply with Ed Law 2D. BPS will not negotiate DPA terms with third-party vendors.

If your legal team requires redlines, please contact DataPrivacy directly by email to request a redline copy and DO NOT cc any other BPS staff on your request.

The New York State Education Law 2D requires all school districts to take all measures necessary to protect students’ Personally Identifiable Information (PII). Student PII includes any information that can identify a student including their name, grade, gender, birthdate, Parents/Caregivers name, race/ethnicity, special education status, address and phone number.

Beginning February 1, 2025, all BPS Parents/Caregivers will be required to provide a (PIN) Personal ID Number when calling the school for ANY student information. Each student has been assigned a four-digit PIN that must be provided to receive information over the phone. This includes information on whether your child is in attendance.

Caregivers will receive their PIN on the student’s report card and each student’s PIN is available in the Infinite Campus Parent Portal (“backpack”). School Clerks will change a student’s Data Privacy PIN any time that there is a change in custody or if a Caregiver contacts them in-person to request a reset because they believe that their student’s PIN has been compromised. Each child in your household has their own unique PIN.

Direct any parent/guardian or agency staff feedback to: Dr. Laura Samulski-Peters Assistant Superintendent/Data Protection Officer. Email | lsamulski-peters

• How to find a Student Data Privacy PIN in Parent Portal

• How to Access Parent Portal/Create an Account

• How to Access a Student Data Privacy PIN for Staff

Parents' Bill of Rights
The purpose of the BPS Parents’ Bill of Rights is to provide information to parents (which also include legal guardians or persons in parental relation to a student, but generally not the parents of a student who is age eighteen or over) and eligible students about certain legal requirements that protect personally identifiable information pursuant to state and federal laws

If you have a complaint regarding the unauthorized disclosure of student Personal Identifiable Information (PII) please complete the following form (Unauthorized Disclosure Complaint). You MUST submit one form per student.

Parents and Caregivers must notify the district in writing by September 30th of the current school year if they do not want any of the following information disclosed without prior consent. This will be shared with your child's school each year.

• Student Name

• Address

• Telephone Number

• Date of Birth/Place of Birth

• Honors and Awards

• Attendance Information

All requests must include the student's name, ID number, current school, and contact information of person requesting.

Mail To:
Office of Shared Accountability
Attn: Data Protection Officer
425 South Park Avenue
Buffalo, NY 14204

Family Educational Rights and Privacy Act (FERPA)
Family Educational Rights and Privacy Act (FERPA): The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.

Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act (HIPAA) affords parents/caregivers and students over 18 years of age (eligible students) certain rights with respect to the student's education records.

Children's Online Privacy Protection Act (COPPA)
Children's Online Privacy Protection Act (COPPA): imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Protection of Pupil Rights Amendment (PPRA)
Protection of Pupil Rights Amendment (PPRA): defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental/caregiver approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.

If you have a complaint regarding the unauthorized disclosure of Student or Staff Personal Identifiable Information (PII) please send an email from your BPS staff account to Data Privacy. Please include ONLY the following text, your name, and NO additional details:

“I believe a data breach has occurred.  Please contact me at (provide your extension or phone number) to discuss this further.“

Someone from the Data Protection Office will contact you shortly.

Staff Secure Document Sharing
Provides directions on sharing documents securely through email with Microsoft OneDrive.

Staff App/Web App Approval Request (Team Dynamix)
A Team Dynamix ticket must be completed for any currently unapproved free (or teacher purchased) App/Web App that you would like to use with BPS students that is NOT provided by the district. Please check the lists of approved vendors and service providers at the bottom of the page and the Staff App/Web App Request List before submitting a ticket. The Data Privacy office will work to verify if the App/Web App uses student personally identifiable information (PII), which includes direct identifiers such as a student’s name or identification number, parent’s name, email or address, etc. (DO NOT submit software or driver requests); and indirect identifiers such as a student’s date of birth, mother's maiden name, etc., which when linked to or combined with other information can be used to distinguish or trace a student’s identity. We MUST have a Data Privacy Agreement (DPA) on file if PII can potentially be accessed by the vendor.

List of Approved Vendors (DPIT) List of Approved Vendors (SDPC) Staff App-Web App Request List
List of all current third party contractors that are able to receive student data and/or teacher or principal data from Buffalo Public Schools or Exempt due to the services of provided. Please note that these lists are updated periodically. Please check all three lists regularly for updates to products and/or services before contacting our office.

BPS Data Privacy Board Policies
The District values the protection of private information of individuals in accordance with applicable law, regulations, and best practices.