• Student Data Privacy

     

    Protecting student data is a priority for Lincolnwood School District 74 and is of the utmost importance. Student data is protected through a comprehensive set of privacy policies, Illinois school laws, network security, and staff training. 

     

    Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act, or SOPPA, to provide certain guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85) as stated in the Act’s Legislative Intent. 

  • What is SOPPA?

    The Student Online Personal Protection Act, or SOPPA, is the data privacy law that regulates student data collection and use by schools, the Illinois State Board of Education, and third-party vendors. As part of SOPPA, these vendors must enter into Data Privacy Agreements (DPAs) with each district they work with. These agreements outline what data is stored, how it is protected, what the company can and cannot do with that data, and what it will do in the event of a data breach.

      

    District Requirements

     Below is a high-level overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:

    1. Annually post a list of all operators of online services or applications utilized by the district.
    2. Annually post all data elements that the school collects, maintains, or discloses to any entity. This information must also explain how the school uses the data, and to whom and why it discloses the data.
    3. Post contracts for each operator within 10 days of signing.
    4. Annually post subcontractors for each operator.
    5. Post the process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE.
    6. Post data breaches within 10 days and notify parents within 30 days.
    7. Create a policy for who can sign contracts with operators.
    8. Designate a privacy officer to ensure compliance.
    9. Maintain reasonable security procedures and practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.

     

    Parental Rights Regarding the Review of Student Personal Data

    SOPPA regulations state that parents and/or legal guardians have the right to inspect, review, and correct information maintained by the school, operator, and the Illinois State Board of Education.  All requests should be made via email to the Director for Technology (the designated Data Privacy Officer) using this email address: jstephen@sd74.org.   

     

    Data Breaches

    In the unlikely event of a data breach, Lincolnwood School District 74 will promptly communicate the information to those impacted. While we will do our best to protect student information at all costs and adhere to best practices and regulations, we will also be transparent should this event occur.

     
    As part of SOPPA, companies must enter into Data Privacy Agreements (DPAs) with each district they work with. District 74 utilizes the Illinois Student Privacy Alliance to assist with evaluating the use of specific online applications; establishing a list of applications or services approved for use; developing a process for the approval of online sites, applications, or services not already approved for use; and, creating, maintain and regularly updating an internal inventory with related pertinent information. If you would like to view the DPAs that Lincolnwood SD74 currently holds, please click here: Digital Resource Listing.