Clear Track logo
Student Information Privacy Notice

 

Cleartrack 200 is a tool developed and maintained by the Broome Tioga BOCES and the SCRIC. As such, any data uploaded to the system is in the hands of an “educational agency.” As you may know, educational agencies are exempt from the strict compliance required of third-party contractors for data security and privacy required by New York Education Law §2-d. Nevertheless, we have adopted this protocol to assure Cleartrack 200/RTI Edge customers of our commitment to data security and privacy, protecting the confidentiality of student information under our stewardship. This Privacy Notice explains how we collect, share, use, and protect the student information within the systems and services that we manage on behalf of school districts.

Why do we collect student information?

The ClearTrack 200/RTI Edge Development Team has access to personally identifiable information on students and staff for the sole purpose of providing support to School Districts and sending health related data required for Medicaid reimbursement. Any data collected is necessary in order for districts to manage the day-to-day operations of their schools and comply with New York State reporting and billing requirements.

Can ClearTrack 200/RTI Edge provide access to student data?

Databases may reside on servers managed by SCRIC (South Central Regional Information Center) or other Regional Information Centers across New York State. All student data housed within these systems belongs to the respective school districts.

ClearTrack 200/RTI Edge will not release or provide access to student data to parents, students, other vendors or other unauthorized agencies, without the expressed consent of the school district that is responsible for the data. Requests for student information or access received by ClearTrack 200/RTI Edge from unauthorized parties will be referred to the respective school district for authorization.

If, for any reason, ClearTrack 200/RTI Edge intends to use student information in a manner different from that stated at the time of collection, we will notify the school district. School administration will have a choice as to whether or not ClearTrack 200/RTI Edge can use student information in such a way.

If students or parents wish to review, update or correct student information, they should follow the policies and procedures of their local school district.

What student information is collected?

Only student information relevant and necessary to the application is collected. No other student information is collected. The specific information that is collected includes Personally Identifiable Information (PII). PII is data that identifies a specific student, can be used to distinguish one student from another or be used in combination with other information to identify the student.

PII includes, but is not limited to, a student’s name, address, social security number, email, unique school identification number, student photos, individualized education programs (IEPs), testing and evaluations, medical records, date of birth, and any access codes or passwords that permit access to personal records. NOTE: ClearTrack 200/RTI Edge does not require SSNs, including for Medicaid Billing.

How is student information secured?

ClearTrack 200/RTI Edge is committed to protecting the personally identifiable information of students and maintaining its accuracy. ClearTrack 200/RTI Edge and the SCRIC implement physical, administrative, and technical safeguards to protect student information from unauthorized access, use and disclosure. Measures for protecting data include, but are not limited to:
  • Password protection and authentication to establish the identity of all persons accessing systems housing student data and at the appropriate level of authority.
  • Stringent account provisioning and deprovisioning and authorization procedures.
  • Encrypted transmission of student data.
  • Secured file structures limiting student information access to only authorized employees.
  • Privacy requirements incorporated into all contracts with vendors and consultants who come into contact with student data.
  • Software patches which may include security enhancements.
  • Regular privacy risk assessment and review of security and privacy controls.

ClearTrack 200/RTI Edge and the SCRIC also regularly promote awareness of student data security and privacy issues and trains staff on security and privacy standards. This includes participating in an annual training session for all SCRIC staff and managers regarding security and privacy policies, guidelines and practices. We consider data to be confidential and is not used for any purpose other than providing services on the district’s behalf.

Who else besides the school, the RIC, and ClearTrack 200/RTI Edge staff have access to student information?

Sometimes individuals and organizations outside the schools and ClearTrack 200/RTI Edge, such as software support teams and technical consultants, have access to student data by the nature of the work they do.

In these cases, ClearTrack 200/RTI Edge requires stringent contractual obligations (the same as the SCRIC) for security and privacy of student data in compliance with the New York State Common Core Implementation Reform Act of March, 2014. Contracts with these providers include the following stipulations:

    1.    Student information will be used solely for the purpose defined in the contract and related directly to supporting ClearTrack 200/RTI Edge. 
    2.    Student information will not be shared with any other entity or individual without the express permission of ClearTrack 200/RTI Edge (if authorized by the school district) unless required by statute or a court order.
    3.    Upon the expiration of the contract, the third party service provider will delete any electronic student data in its possession, will return any non-electronic documents containing student data that it has in its possession and will notify ClearTrack 200/RTI Edge when the data has been deleted or disposed.
    4.    Student information will be corrected upon request by ClearTrack 200/RTI Edge (if authorized by the school district) and ClearTrack 200/RTI Edge will be notified when the data has been corrected.
    5.    A description of the physical location of student information in the service provider’s possession must be provided, as well as a description of the administrative, technical and physical safeguards utilized to assure the privacy and security of student information in their possession and when transmitted.
    6.    Communication with ClearTrack 200/RTI Edge in no less than 24 hours of any data breach or in the event that student information is requested by legal authorities.
    7.    The service provider must comply with the Broome-Tioga BOCES Parents’ Bill of Rights for Data Privacy and Security, as required by New York State Education Law Section 2-d.
    8.    Access to student data within the third-party service provider is limited to those individuals that need such records or data to perform the services set forth in this contract.

How is the quality of student information managed?

School districts are solely responsible for the accuracy of the student data that their employees enter into and utilize within ClearTrack 200/RTI Edge.

New York State has defined a multi-level process for exporting student data to the New York State Education Department Student Information Repository System (SIRS database). The first step in this process is to import data to Level 0 of the system, resolve any errors that result and validate the accuracy of this data.

For Medicaid purposes, Broome-Tioga BOCES (Board of Cooperative Educational SO Le) Medicaid Service Bureau (MSB) adheres to a Medicaid Billing Compliance Program.  We ensure data encryption, and secure data transfer is used to move the data from school districts enrolled in eMedNY.

Is student data security and privacy monitored and enforced?

ClearTrack 200/RTI Edge monitors its privacy policies and practices, including this Privacy Notice, to ensure compliance with the most recent state and federal laws.
ClearTrack 200/RTI Edge also self-monitors to ensure that internal security and privacy processes and procedures meet the requirements described in this Notice. This includes processes for the regular assessment of risks and regular review of security and privacy procedures and documents.

What choices do students and parents have regarding the collection and use of student information?

All choices available to students and parents regarding the collection, use and disclosure of student information are governed by the policies and procedures of each student’s respective school district and are outside the jurisdiction of ClearTrack 200/RTI Edge. All requests received to opt-out or limit data collection, data use and information disclosure for a specific student will be referred to the school district of that student.

What if I have a complaint or dispute?

Inquiries, complaints, disputes or Freedom of Information requests concerning specific student data should be directed to the local school district(s) responsible for the student information.
If you have an inquiry, complaint, or dispute specific to ClearTrack 200/RTI Edge’s privacy policies or practices, please allow thirty (30) days for us to document and respond to your request. All documented inquiries, complaints and disputes will be collected and reviewed by SCRIC’s Security and Privacy Committee to determine whether appropriate actions were followed and to assess if changes to procedures and/or policies should be implemented to further improve SCRIC services. All submissions will be documented and cataloged and an appropriate response will be provided.

 Please send all inquiries, complaints or dispute information to: Dan Myers
              Acting SCRIC Chief Privacy Officer
              [email protected]
              607-766-3750

What if there is a data security breach?

If there is an accidental or an intrusive data security breach, ClearTrack 200/RTI Edge will adhere to Student Data Breach Protocol. Employees who become aware of a suspected or actual security breach must report the matter immediately as follows:

  • School district employees: Contact your superintendent’s office immediately.
  • SCRIC staff: Contact your manager immediately.
Copyright 2020 Broome Tioga BOCES, All Rights Reserved. CMS created by eSchoolView