Student Data Privacy
Hartsburg-Emden CUSD #21 takes the privacy of our student's data seriously. This page intends to make transparent and is working diligently to be compliant with the Student Online Personal Protection Act (SOPPA)
What is SOPPA?
Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85).
What happens to the student data that we send to a third party vendor? Information like names, birthdates, etc... may be provided by Hartsburg-Emden CUSD #21 to a third party like IXL, NWEA MAP, etc... What protections do those companies have in place to make sure that our student's data is not sold or freely given to others? This is exactly what SOPPA looks to address.
As part of SOPPA, these companies must enter into Data Privacy Agreements (DPA) with each district they work with. These agreements outline what data is stored, how it is protected, what the company can and cannot do with that data, and what they will do in the event of a data breach.
Below is an overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:
What happens to the student data that we send to a third party vendor? Information like names, birthdates, etc... may be provided by Hartsburg-Emden CUSD #21 to a third party like IXL, NWEA MAP, etc... What protections do those companies have in place to make sure that our student's data is not sold or freely given to others? This is exactly what SOPPA looks to address.
As part of SOPPA, these companies must enter into Data Privacy Agreements (DPA) with each district they work with. These agreements outline what data is stored, how it is protected, what the company can and cannot do with that data, and what they will do in the event of a data breach.
Below is an overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:
- Annually post a list of all operators of online services or applications utilized by the district.
- Annually post all data elements that the school collects, maintains, or discloses to any entity.
- This information must also explain how the school uses the data, whom/why it discloses the data.
- Post contracts for each operator within 10 days of signing.
- Annually post subcontractors for each operator.
- Post the process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE.
- Post data breaches within 10 days and notify parents within 30 days.
- Create a policy for who can sign contracts with operators.
- Designate a privacy officer to ensure compliance.
- Maintain reasonable security procedures and practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.
Links
- Annual Notice Regarding SOPPA
- Parent Guides from Connect Safely
- Student Data Privacy Laws
- SOPPA Details and Changes
- District Collected Student Data (Coming Soon)
Important Data Privacy Laws
Family Educational Rights and Privacy Act (FERPA)
Governs information in a student’s education record, restricting access and use of student information.
Children’s Online Privacy Protection Act (COPPA)
Restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information from individuals known to be children.
Children’s Internet Protection Act (CIPA)
Imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses.
Student Online Personal Protection Act (SOPPA)
Guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only.