Parent Resources for Online Student Safety and Privacy
Student Privacy Laws
Student Online Personal Protection Act (SOPPA)
Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85). SOPPA applies to all Illinois school districts, the Illinois State Board of Education, and operators of online services and applications.
School districts must:
- Enter into written agreements with all K-12 service providers who collect student data.
- Implement and maintain reasonable security practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.
- Post on their website:
- A list of all operators of online services or applications utilized by the district (annually).
- All data elements that the school collects, maintains, or discloses to any entity (annually). This information must also explain how the school uses the data, and to whom and why it discloses the data.
- Contracts for each operator within 10 days of signing.
- Subcontractors for each operator (annually).
- The process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE.
- Data breaches within 10 days and notify parents within 30 days.
- Create a policy for who can sign contracts with operators.
SOPPA affects personally identifiable information (PII), material that is linked to PII, and material in any media or format that is not publically available and is any of the following:
- Created by or provided to an operator by a student or the student's parent in the course of the student's, parent's, or legal guardian's use of the operator's site, service, or application for K-12 school purposes.
- Created by or provided to an operator by an employee or agent of a school or school district for K-12 school purposes.
- Gathered by an operator through the operation of its site, service, or application for K-12 school purposes and personally identifies a student.
Family Educational Rights and Privacy Act (FERPA)
The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
Children’s Online Privacy Protection Act (COPPA)
COPPA regulates how commercial entities may collect and use information collected online from children under age 13, including the rules about parental consent.
Children’s Internet Protection Act (CIPA)
CIPA requires K–12 schools and libraries receiving federal discounts for internet access to implement internet safety policies that prevent students from accessing inappropriate and/or harmful materials and that protect against the unauthorized disclosure, use, and dissemination of minors’ personal information.
Protection of Pupil Rights Amendment (PPRA)
PPRA defines the rules states and school districts must follow when administering tools like surveys, analyses, and evaluations funded by the US Department of Education to students. It requires parental approval to administer many such tools and ensures that school districts have policies in place regarding how the data collected through these tools can be used.
District Online Services and Applications
If a parent/guardian would like to inspect, review and correct information maintained by the school, operator, or ISBE, please email DataPrivacy@pennoyerschool.org. Please include your child’s name, birthday, and the information you wish to inspect, review or correct.