SOPPA - STUDENT DATA PRIVACY
Student Online Personal Protection Act (SOPPA)
DISTRICT REQUIREMENTS Below is a high-level overview of the new requirements.
Please refer to the legislation for specific timelines and components of each
element. School districts must:
- Annually post a list of all operators of online services or applications
utilized by the district.
- Annually post all data elements that the school collects, maintains, or
discloses to any entity. This information must also explain how the school
uses the data, and to whom and why it discloses the data.
- Post contracts for each operator within 10 days of signing.
- Annually post subcontractors for each operator.
- Post the process for how parents can exercise their rights to inspect,
review and correct information maintained by the school, operator, or ISBE.
- Post data breaches within 10 days and notify parents within 30 days.
- Create a policy for who can sign contracts with operators.
- Designate a privacy officer to ensure compliance.
- Maintain reasonable security procedures and practices. Agreements with
vendors in which information is shared must include a provision that the
vendor maintains reasonable security procedures and practices.
Family Educational Rights and Privacy Act (FERPA)
FERPA is a Federal law that protects the privacy of student education records.
The law applies to all schools that receive funds from the U.S. Department of
Education. FERPA gives parents certain rights with respect to their children’s
education records. These rights transfer to the student when he or she reaches
the age of 18 or attends a school beyond the high school level.
Children’s Online Privacy Protection Act (COPPA)
The primary goal of COPPA is to place parents in control over what information is
collected from their young children online. COPPA was designed to protect children
under age 13 while accounting for the dynamic nature of the Internet. The Rule
applies to operators of commercial websites and online services (including mobile
apps) directed to children under 13 that collect, use, or disclose personal
information from children, and operators of general audience websites or online
services with actual knowledge that they are collecting, using, or disclosing
personal information from children under 13. The Rule also applies to websites or
online services that have actual knowledge that they are collecting personal
information directly from users of another website or online service directed to
Children’s Internet Protection Act (CIPA)
CIPA was enacted by Congress in 2000 to address concerns about children’s access to
obscene or harmful content over the Internet. CIPA imposes certain requirements on
schools or libraries that receive discounts for Internet access or internal
connections through the E-rate program.
Protection of Pupil Rights Amendment (PPRA)
PPRA is intended to protect the rights of parents and students in two ways:
- It seeks to ensure that schools and contractors make instructional materials
available for inspection by parents if those materials will be used in
connection with an ED-funded survey, analysis, or evaluation in which their
children participate; and
- It seeks to ensure that schools and contractors obtain written parental consent
before minor students are required to participate in any ED-funded survey,
analysis, or evaluation that reveals certain information.
PPRA applies to programs that receive funding from the U.S. Department of Education.
South Cook ISC R.I.S.E. Privacy Policies
SDPC Database Tool