Data Privacy and Security SOPPA

SOPPA

Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85).

The Student Online Personal Protection Act (SOPPA) is the data privacy law that regulates student data collection and use by schools, the Illinois State Board of Education, and third-party vendors. As part of SOPPA, these vendors must enter into Data Privacy Agreements (DPA) with each district they work with. These agreements outline what data is store, how it is protected, what the company can and cannot do with the data, and what they will do in the event of a data breach.

The changes to SOPPA mandate that by July 2021, schools must have written agreements with all EdTech software vendors in use. Districts must also make readily available via their websites an overview of security practices, a description of how parents can ensure their student data privacy rights are being met, a list of approved vendors and their corresponding written agreements, and a list of any student data breaches that have impacted more than 10% of students.

For a list of the district's signed agreements, please visit the IL Student Data Privacy Consortium website.

For more information about privacy and internet safety, please visit the Common Sense Media website.

43 security best practices that all Illinois districts should implement to comply with the Student Online Personal Protection Act.

• Use of Educational Technologies; Student Data Privacy and Security
• Policy 7345-2