Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85).
DISTRICT REQUIREMENTS Below is a high-level overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:
- Annually post a list of all operators of online services or applications utilized by the district.
- Annually post all data elements that the school collects, maintains, or discloses to any entity. This information must also explain how the school uses the data, and to whom and why it discloses the data.
- Post contracts for each operator within 10 days of signing.
- Annually post subcontractors for each operator.
- Post the process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE.
- Post data breaches within 10 days and notify parents within 30 days.
- Create a policy for who can sign contracts with operators.
- Designate a privacy officer to ensure compliance.
- Maintain reasonable security procedures and practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.
Child Internet Protection Act (CIPA)
The school is required by CIPA to have technology measures and policies in place that protect students from harmful materials including those that are obscene and pornographic. This means that student email is filtered. Mail containing harmful content from inappropriate sites will be blocked.
Westchester School District 92 1/2 uses a content filter (Securly), a cloud-based solution that protects users by blocking potentially objectionable or offensive content. No filter guarantees to block all inappropriate content so staff and students are responsible for acceptable use and reporting when online.
Family Educational Rights and Privacy Act (FERPA)
FERPA protects the privacy of student education records and gives parents the rights to review student records. Under FERPA, schools may disclose directory information (name, phone, address, grade level, etc...) but parents may request that the school not disclose this information by sending a written request to the Director of Communications.
- The school will not publish confidential education records (grades, student ID #, etc.) for public viewing on the Internet.
- The school may publish student work and photos for public viewing but will not publish student last names or other personally identifiable information.
- Parents may request that photos, names, and general directory information about their children not be published. Please contact the school's main office for more information on how to do this.
- Parents have the right at any time to investigate the contents of their child’s email and Apps for Education files.
Children's Online Privacy Protection Act (COPPA)
The primary goal of COPPA is to place parents in control over what information is collected from their young children online. COPPA was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children.
Westchester School District web-based software Privacy Policies