SOPPA

Student Online Personal Protection Act (SOPPA)

What is Soppa? 
The Student Online Personal Protection Act, or SOPPA, is the data privacy law that regulates student data collection and use by schools, the Illinois State Board of Education, and Kewanee Community Unit School District #229 vendors.

What is Soppa video link

On August 23, 2019, Illinois Governor J.B. Pritzker signed into law a new version of SOPPA that gives parents/guardians greater control over student data. Among the changes is a new requirement to enact breach notifications that are available to the public.
 
SOPPA will also require Illinois school districts to provide additional guarantees that student data is protected when collected and that data is used for beneficial purposes only. The law is effective on July 1, 2021 (105 ILCS 85).
 
SOPPA requires that school districts must:

Enter into written agreements with all K-12 service providers who collect student data.  Covered data includes, but is not limited to: information in the student's educational record, first/last name, address, phone number, email address, grades, test results, socioeconomic information, photos, search activity, voice recordings, geolocation information, and more.

Implement and maintain reasonable security practices.  Student data is protected through comprehensive privacy policies and security measures such as firewalls, secure servers, intrusion detection software, and other methods.  Written agreements with vendors require that the vendor also maintains security procedures.

Post a list of operators.  This list will include what data elements are shared, written agreements/contracts with the operator within 10 days of signing, & subcontractors for each operator.

District Adopted Technology Policies and Guidelines
6:235 Access to Electronic Networks and Acceptable use Policy
7:345 Use of Educational Technologies: Student Data Privacy and Security
 
The district adheres to the following applicable laws regarding student data and privacy:
Children's Internet Protection Act (CIPA)
Children's Online Privacy Protection Act (COPPA)
Family Educational Rights and Privacy Act (FERPA)
Illinois School Student Records Act (ISSRA)
Student Online Personal Protection Act (SOPPA)
 

District Data Privacy Officer
Federal and State law govern the protection of student data, including school student records and/or covered information. The sale, rental, lease, or trading of any school student records or covered information by the District is prohibited. Protecting such information is important for legal compliance, District operations, and maintaining the trust of District stakeholders, including parents/guardians, students and staff. The Board designates the IT Director to serve as Privacy Officer, who shall ensure the District complies with the duties and responsibilities required of it under the Student Online Personal Protection Act, 105 ILCS 85/, amended by P.A. 101-516, eff. 7-1-21.

District-approved Web-based Tools/Applications and Written Agreements
Kewanee School District #229 values your child's privacy and strives to ensure that parents/guardians are aware of what web-based tools and applications that are being used for educational purposes. A list of Kewanee School District #229 approved web-based tools, written agreements with operators, and a list of data elements shared can be found HERE(link) 

Parent/Guardian Rights
Parents/guardians have the right to inspect, review, and correct information maintained by the school, operator, and the Illinois State Board of Education. All requests should be directed to the IT Director by using the following email address: soppa@kcud229.org

Data Breaches
In the event that there is a data breach, the District will notify parents/guardians via district communication systems within 30 days the data breach and within 60 days if a third-party is responsible for the data breach.

District Services and Applications

Services and Applications utilized by the district:
 
The Kewanee Community Unit School District #229 employs several different pieces of software and websites to help students gain the best education possible. The following link will take you to those current services that the district uses throughout the school year. Contract information on each service is also provided.
 
 
Kewanee Community Unit School District 229 is also a member of ISPA (Illinois Student Privacy Alliance). 
 
The Illinois Student Privacy Alliance (ISPA) is a free consortium that allows school districts to access management tools and resources for data privacy agreements. When used in conjunction with clear policies and procedures, ISPA allows districts to comply with Illinois’ new Student Online Personal Protection Act (SOPPA).
 
Illinois Student Privacy Alliance Webpage 

Personally Identifiable Information (PII) which the district may collect in regards to teaching services utilized by the district. ( Not all items listed may be collected or used by the district)
 
Name
Email ( School Email account)
Address/Location
Phone Number
Socioeconomic Status
Grades/Test Results
Medical Records
Family Members
Gender
Race
Photos
Date of Birth
Weight
Activities

 
Guardian Request for Student Data Removal
 
In accordance with any applicable federal regulations, a school must provide a
student’s parent a paper or electronic copy of the student’s covered information, 
including any covered information maintained by an operator or the State Board,
within 45 days of receiving a request for such information, as provided under
subsection (b). 
If a parent requests an electronic copy of the student's covered
information, the school must provide an electronic copy of that information,
unless the school does not maintain the information in an electronic format and
reproducing the information in an electronic format would be unduly burdensome
to the school.
 
b) Each request under this Section must be submitted by a parent on a signed and
dated request form that includes the parent’s name, address, phone number,
student’s name, and the name of the school from which the request is being made.
A school that receives a request under this Section must require a parent to
provide proof of identity and relationship to the student before access to the
covered information is granted.
 
c) If covered information requested by a parent under this Section includes data on
more than one student, the parent may inspect and review only the covered
information relevant to the parent’s student.
 
d) A parent may make no more than one request under this Section per State fiscal
quarter.
 
Cost for Copies
 
a) A school may not charge a parent for an electronic copy of a student’s covered
information.
b) If a parent requests a paper copy of a student’s covered information, a school may
charge the parent the actual cost for providing a copy of such information,
provided that the cost charged shall not exceed $0.35 per page. No parent shall be
denied a requested paper copy of covered information due to the parent’s inability
to bear the cost of the copying.

Parents or Guardians who would like to request that some or all of student data is removed can initiate the process by emailing admin@kcud229.org.
 
Data Breaches.
The Kewanee School District #229 will inform parents within 30 days of a data breach involving 10% or more of students. Vendors offering services to Kewanee School District#229 are to inform the district within 30 days of a breach according to their agreement with the district.