Citizen Portal
Sign In

Lifetime Citizen Portal Access — AI Briefings, Alerts & Unlimited Follows

Get Lifetime Access

District outlines Ed Law 2-d compliance, incident reporting and technical safeguards

Iroquois Central School District Board of Education · April 16, 2026

Loading...

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

District data-privacy officer Matt Jacobs briefed the board on Ed Law 2-d requirements, vendor contracts, mandatory staff training, incident reporting to the State Education Department and New York State Division of Homeland Security, and technical safeguards including Intune device management, email filtering and backups.

Matt Jacobs, who the district designated as its data-privacy officer, reviewed requirements under New York's Ed Law 2-d and the district's technical safeguards.

Jacobs said the law requires districts to adopt a data-privacy and security policy, designate a DPO, and have contracts with third-party vendors that spell out what data they access, where it is stored and how it will be deleted. "Any software that we use, we have those [agreements] in place," he said. Jacobs noted the parents' bill of rights and the district's obligation to allow parents to inspect educational records and to provide a complaint process.

On incident reporting, Jacobs said the district must notify the State Education Department and the New York State Division of Homeland Security for each incident; the district must also notify affected students and staff in a timely manner and document corrective actions.

He described technical controls the district uses: Microsoft Intune for device management, multi-factor authentication, firewall and spam filters (Fortinet and Microsoft), Microsoft Purview scanning of email and Teams messages for harmful content, nightly incremental backups and weekly full backups of servers, network segregation to limit lateral access, and a monthly vulnerability scan through BOCES'managed services. Jacobs also said the district follows data-minimization principles and limits teachers' use of third-party AI tools to a district-approved teacher-controlled system called "SchoolAI." "We block 99% of the different AI programs or try to at least," he said.

Board members asked about retention policies and what happens to student accounts after graduation; Jacobs said student OneDrive files are purged after about 90 days once accounts are disabled, and that long-term student records remain subject to separate record-retention rules.

What happens next: the district will continue staff training, review vendor contracts when services change and track required incident reports as specified by Ed Law 2-d.