Complying with any form of regulation can be difficult, but it’s especially important for New York State school districts to stay up to date with Education Law 2-D. The law has undergone some updates since its inception — are you sure you’re still compliant?
What Is NYS Education Law 2-d?
First enacted in 2014, Education Law 2-D was developed to protect the personally identifiable information (PII) of students and education professionals. The intention was to better protect this data as it was collected, accessed, and stored in centralized school board databases, which were becoming targets for more and more sophisticated cyber-attacks.
In 2019, new additions to Education Law 2-d were proposed, including the adoption of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (CSF, or Cybersecurity Framework). Furthermore, school districts must appoint at least one “protection officer”, similar to information security roles defined in HIPAA compliance for the healthcare industry.
Are you sure you’re compliant with Education Law 2-D? If your last review was in 2014, you may not have kept up with the more recent developments.
3 Tips for Managing Your Education Law Compliance
These tips will help give you a clearer idea of where your organization currently stands and help you better understand your obstacles as you prepare to make the changes needed to reach compliance.
Delegate Important Roles: Someone on your staff, or your IT support provider, should be taking on the role of Privacy and Security Officer for your organization. While not specifically asked for, you’ll also need to have members of your team handling compliance documentation.
Individuals with good organizational and writing skills are needed in this position, given that documenting your actions is a substantial requirement of education law compliance.
Gather Necessary Information Through Assessment: You can’t make any of the necessary changes to your current education law compliance if you don’t know your current situation. Whoever you delegate as the compliance officer will need to start by gathering crucial information about the state of your compliance. This is one way in which your IT partner can be so helpful.
An IT company like Sourcepass that specializes in education law compliance offers assessment and audit services that double-check an organization’s compliance against widely accepted best practices.
Train Your Employees: Once the right organizations and policies are in place, the last part of your cybersecurity defense that needs attention is you and your employees.
A comprehensive compliance and cybersecurity training program will teach your staff how to handle a range of potential situations including:
How to participate in the compliance management process,
How to identify and address suspicious emails, phishing attempts, and social engineering tactics,
How to use business technology without exposing patient data and other assets to external threats by accident,
How to respond when you suspect that your organization is non-compliant.
Don’t put your compliance at risk. Work with a qualified partner to develop an assessment, strategy, remediation plan, and ongoing compliance management process to improve the efficiency and effectiveness of your program.
Michael Ducsak is the Sourcepass Chief Information Security Officer. Reach out to Michael at (877) 678-8080.