New York State Ed Law 2-d

Is Zotero doing this for any schools?

As of July 1st 2020, if vendors collect ANY personal student information, they must comply with the following requirements under New York State Ed Law 2-d part 121.

Vendor must sign a district contract that includes the following Ed Law 2-d requirements:
Data security and privacy plan
Cyber incident plan (breach response plan)
NIST Cyber Security Framework compliance
Limitation of access to personally identifiable information (PII) by personnel
No disclosure of PII to third parties for non-educational commercial purposes
Vendor must sign a Bill of Rights that includes the following Ed Law 2-d requirements:
The following “Supplemental Information” must be included:
Exclusive purpose for data use
Subcontractor oversight plan (training and management)
Contract effective date and contract duration
Data disposal plan
Data accuracy and correction practices
Security protections
Data location information
Encryption practices applied
Sign In or Register to comment.