SOPPA
SCHOOLS (105 ILCS 85/) Student Online Personal Protection Act.
Schools today are increasingly using a wide range of beneficial online services and other technologies to help students learn, but concerns have been raised about whether sufficient safeguards exist to protect the privacy and security of data about students when it is collected by educational technology companies. This Act is intended to ensure that student data will be protected when it is collected by educational technology companies and that the data may be used for beneficial purposes such as providing personalized learning and innovative educational technologies.
| SOPPA Requirement | Company Policy Provision |
|---|---|
| Data Security | |
| Implement and maintain reasonable security procedures and practices to protect covered information from unauthorized access, destruction, use, modification, or disclosure. | See Information Security Policy (AUP), Access Control Policy, Cryptography Policy, and Operations Security Policy; Security Statement, Section 5; Privacy Policy, How We Store and Protect Your Information |
| Data Use and Disclosure Limitations | |
| Prohibit the use of covered information for targeted advertising. | See Security Statement, Section 2; Terms Of Use, School Addendum, Section 3 |
| Prohibit the sale or rental of a student's information. | See Privacy Policy, How We Share Your Information |
| Prohibit the creation of a student profile for any purpose other than K-12 school purposes. | See Privacy Policy, How We Collect and Use Information; Security Statement, Section 2 |
| Parental Rights | |
| Provide parents the right to inspect and review their child's covered information. | See Security Statement, Section 6, "Viewing of RECORDS"; Privacy Policy, Access to Individual Data |
| Provide parents the right to request corrections to factually inaccurate information. | See Security Statement, Section 6, "Correction of RECORDS" |
| Data Deletion | |
| Delete covered information within a reasonable time frame at the request of the school district. | See Security Statement, Section 6, "Removal of RECORDS"; Terms Of Use, School Addendum, Section 4 |
| Breach Notification | |
| Notify the school district of any breach of covered information. | See Privacy Policy, In the event of a data breach; Incident Response Plan |
| Subcontractor Agreements | |
| Ensure that any subcontractors with access to covered information are contractually bound to comply with SOPPA. | See Third-Party Management Policy |
| Data Transparency | |
| Publicly disclose the categories of data collected and the purposes for which the data is used. | See Privacy Policy, How We Collect and Use Information; |
