Student Online Personal Protection Act - SOPPA
As part of your child's education, Oak Park Elementary School District 97 partners with education technology (“ed tech”) companies to provide services such as digital curriculum, educational resources, and analytical tools. We the privacy and online safety of our students very seriously, and have always taken steps to guard closely the student data collected within our networks or by the online resources we use in our schools. District 97 is committed to protecting the information security and privacy of our students in accordance with the latest version of the Student Online Personal Protection Act (SOPPA). SOPPA is the data privacy law that regulates student data collection and use by schools, the Illinois State Board of Education, and ed tech vendors.
On August 23, 2019, Illinois Governor J.B. Pritzker signed into law an amended version of SOPPA that gives parents greater control over student data. Among the changes is a new requirement to enact breach notifications that are available to the public. SOPPA also requires Illinois school districts to provide additional guarantees that student data is protected when collected by ed tech companies and used for beneficial purposes only. The law is effective July 1, 2021.
District 97 Approved Online Resources
LearnPlatform - D97 Online Resources and Applications
This list includes the online services or applications that the district uses, the contracts signed by the district, and any data collected by those tools or by the district. Teachers and staff can fill out this form to request the district to verify if an application or tool is SOPPA compliant. The District 97 Technology Department regularly updates and verifies applications and tools.
- Staff fill out a Software Application Request online.
- The Data Privacy Officer receives requests and vetts the educational resource for privacy using the following procedures.
- If the tool is approved via the data privacy procedures and related department review, the Data Privacy Officer will review the SDPC database for an approved IL-NDPA agreement. If there is one that meets the state requirements under SOPPA, the Data privacy officer will complete Exhibit E and send a countersigned agreement to the vendor. If there is not a IL-NDPA agreement on the SDPC site or it does not meet the criteria per Data Privacy and district attorney review, Data Privacy Officer will create an agreement using the IL-NDPA agreement and send it to the vendor contract. Once agreed upon, continue to step 4.
- Countersigned vendor IL-NDPA and Exhibit E are uploaded to the district Learn Platform public site.
- If the software application is denied; the Data Privacy Officer responds to the Software Application Request stating why the software application request was denied. If the software application is approved, the Data Privacy Officer will contact the supervisor to see if there is a need and provide a quote for how many software licenses that are required.
- The supervisor then reviews the district workflow template to ensure all steps are followed prior to filling out a business office Purchase Order Request for the software application that will need pre-approval.
- This purchase order is either approved or denied by the Senior Director of Finance.
- The Purchase Order form is given back to the supervisor to send to the vendor.
- The supervisor then provides a copy of the purchase order and implementation details to the Data Privacy Officer to begin the technical project kickoff to determine timeline for implementation/rollout.
- The software application is ordered and approved through Apple School Manager/Google/Clever and deployed to the user(s) that need that software application by the Technology Department.
- The Technology Department closes the Software Application Request notifying the parties involved that the software application has been installed.
- Staff fill out a Software Application Request online.
- The Data Privacy Officer receives requests and vetts the educational resource for privacy using the following procedures.
- If the tool is approved via the data privacy procedures and related department review, the Data Privacy Officer will review the SDPC database for an approved IL-NDPA agreement. If there is one that meets the state requirements under SOPPA, the Data privacy officer will complete Exhibit E and send a countersigned agreement to the vendor. If there is not a IL-NDPA agreement on the SDPC site or it does not meet the criteria per Data Privacy and district attorney review, Data Privacy Officer will create an agreement using the IL-NDPA agreement and send it to the vendor contract. Once agreed upon, continue to step 4.
- Countersigned vendor IL-NDPA and Exhibit E are uploaded to the district Learn Platform public site.
- If the software application is denied; the Data Privacy Officer responds to the Software Application Request stating why the software application request was denied. If the software application is approved, the Data Privacy Officer will contact the supervisor to see if there is a need and provide a quote for how many software licenses that are required.
- The supervisor then reviews the district workflow template to ensure all steps are followed prior to preparing the rollout.
- The supervisor then provides notification and implementation details to the Data Privacy Officer/Technology Department Head to begin the technical project kickoff to determine timeline for implementation/rollout.
- The software application is ordered and approved through Apple School Manager/Google/Clever and deployed to the user(s) that need that software application by the Technology Department.
- The Technology Department closes the Software Application Request notifying the parties involved that the software application has been installed.
Video Overviews of Data Privacy Laws
SOPPA guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only.
COPPA restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information from individuals known to be children.
CIPA imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses.
FERPA governs information in a student’s education record, restricting access and use of student information