Data Privacy

Parent and Caregiver Information

Parents' Bill of Rights

Parents' Bill of Rights
The purpose of the BPS Parents’ Bill of Rights is to provide information to parents (which also include legal guardians or persons in parental relation to a student, but generally not the parents of a student who is age eighteen or over) and eligible students about certain legal requirements that protect personally identifiable information pursuant to state and federal laws.   

Opt out

Parents and Caregivers must notify, in writing, the district in writing by September 30th of the current school year if they do not want any of the following information disclosed without prior consent. This will be shared with your child's school each year.

  • Student Name

  • Address

  • Telephone Number

  • Date of Birth/Place of Birth

  • Honors and Awards

  • Attendance Information

All requests must include the student's name, ID number, current school, and contact information of person requesting.

Please mail to:

Office of Shared Accountability
Attn: Data Protection Officer
425 South Park Avenue
Buffalo, NY 14204

Federal Laws That Protect Students

Family Educational Rights and Privacy Act (FERPA)
Family Educational Rights and Privacy Act (FERPA): The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.

Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act (HIPAA) affords parents/caregivers and students over 18 years of age (eligible students) certain rights with respect to the student's education records.

Children's Online Privacy Protection Act (COPPA)
Children's Online Privacy Protection Act (COPPA): imposes certain requirements on operators of websites, games, mobile apps or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Protection of Pupil Rights Amendment (PPRA)
Protection of Pupil Rights Amendment (PPRA): defines the rules states and school districts must follow when administering tools like surveys, analysis, and evaluations funded by the US Department of Education to students. It requires parental/caregiver approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.

Parent/Caregiver Complaints

If you have a complaint regarding the unauthorized disclosure of student Personal Identifiable Information (PII) please complete the following form (Unauthorized Disclosure Complaint).

Staff Complaints

If you have a complaint regarding the unauthorized disclosure of Student or Staff Personal Identifiable Information (PII) please send an email from your BPS staff account to Please include ONLY the following text, your name, and NO additional details:

“I believe a data breach has occurred.  Please contact me at (provide your extension or phone number) to discuss this further.“

Someone from the Data Protection Office will contact you shortly.

Additional Information

List of Vendor Information
List of all current third party contractors that receive student data and/or teacher or principal data from Buffalo Public Schools.

Data Sharing Agreement
Data Sharing and Confidentiality Agreement template for vendors. This template includes information pertaining to the purpose of the data collection, subcontractor oversight, contract duration, data destruction, data accuracy, data protection, and encryption practices.

BPS Data Privacy Board Policies
The District values the protection of private information of individuals in accordance with applicable law, regulations, and best practices.

For questions about Data Privacy in the BPS, please contact:

Laura Samulski-Peters, Data Protection Officer