The Student Online Personal Protection Act

(SOPPA)

 

What is SOPPA?

 

SOPPA is a state law that governs and protects the privacy and security of student data when it is shared with and collected by educational technology companies.  SOPPA regulates these companies that provide web-based sites, services, online and mobile applications that are used primarily for K to 12 purposes.

 

Currently, SOPPA provides various prohibitions and responsibilities on these companies. The law has important provisions which prevent companies from engaging in targeted advertising to students, amassing a profile on students, selling or renting student information, or using student information except in limited ways. Additionally, companies must meet certain security requirements when storing student data, delete student data when requested by the district, and maintain a public privacy policy.

 

SOPPA also places responsibilities on school districts, including requiring data sharing agreements with many of these companies.  SOPPA also gives parents certain rights when it comes to their children’s data. 

 

How Does the District Comply with SOPPA?

 

SOPPA requires that all companies with which the District shares covered information to sign a Data Sharing Agreement that outlines what data is being shared, the purpose of collecting the data, and how the data will be used and protected. You can see all the outside agreements with the District vendors here

 

The District has also adopted a SOPPA policy that governs the district’s implementation of SOPPA and identifies who at the district can enter into data-sharing agreements with vendors. 

 

Finally, the District always uses robust security measures to protect the student data in its care. 

 

How Can Parents View and Correct Student Data?

Parents may request to inspect and review their student’s covered information.  Requests for reviewing records must be made in writing and include the date of the request, the parent’s name, address, phone number, student’s name, and the name of the school from which the request is being made. The District has forms available.  Parents will be required to provide proof of identity and relationship to the student before access to the covered information is granted.  If the covered information you request includes your child’s school student records, the District will permit you to inspect and review any school student records of your child in accordance with the District’s procedures for student records requests.  

The District shall provide an electronic copy of the records within 45 days of receiving a request for the covered information.  If a parent requests a paper copy, the District will charge .35 cents per page.  No parent will be denied a paper copy due to an inability to pay.  A parent may make a request to review and receive copies of covered information no more than two requests per student per quarter. 

Parents may request corrections of factual inaccuracies contained in their student’s covered information. If the covered information you are requesting be corrected includes your child’s school student records, the District will follow its procedures for amendment of student records with respect to those school student records.  The District will review the request, determine if an inaccuracy exists and if so, will make any necessary corrections within 90 days of the request.  If the correction needs to be made by the Illinois State Board of Education or a District’s vendor, any necessary corrections will also be made within 90 days of the request and the District will notify the parent of any necessary corrections within 10 days after receiving confirmation of the corrections. 

If a parent requests the deletion of any covered information, the District will review the request to determine whether such a deletion would violate the law or result in the student being unable to participate in the District’s curriculum.

What Happens if Data is Breached?

In the unlikely situation that a vendor experiences a potential data breach, the District will be notified. After receiving notice of a potential breach, we will evaluate the report and if confirmed, provide notifications to parents. Information on any breach that impacts more than 10% of our students will be publicly displayed. 

 

The District will also notify parents and post information in the event the District’s data systems are breached.

 

Note:  A notice of breach may be delayed if a law enforcement agency determines that the notification will interfere with a criminal investigation.

 

If you would like more information on SOPPA, please contact Superintendent Joseph Matise.