SOPPA (Student Online personal Protection Act)
Personal Protection Act (SOPPA)
Effective July 1, 2021, school districts will be required by the Student Online
Personal Protection Act (SOPPA) to provide additional guarantees that student
data is protected when collected by educational technology companies, and that
data is used for beneficial purposes only (105
DISTRICT REQUIREMENTS Below is a high-level overview of the new requirements.
Please refer to the legislation for specific timelines and components of each
element. School districts must:
- Annually post a list of all operators of
online services or applications utilized by the district.
- Annually post all data elements that the
school collects, maintains, or discloses to any entity. This information
must also explain how the school uses the data, and to whom and why it
discloses the data.
- Post contracts for each operator within 10
days of signing.
- Annually post subcontractors for each
- Post the process for how parents can
exercise their rights to inspect, review and correct information maintained
by the school, operator, or ISBE.
- Post data breaches within 10 days and notify
parents within 30 days.
- Create a policy for who can sign contracts
- Designate a privacy officer to ensure
- Maintain reasonable security procedures and
practices. Agreements with vendors in which information is shared must
include a provision that the vendor maintains reasonable security procedures
Rights and Privacy Act (FERPA)
FERPA is a Federal law that protects the privacy of student education records.
The law applies to all schools that receive funds from the U.S. Department of
Education. FERPA gives parents certain rights with respect to their children’s
education records. These rights transfer to the student when he or she reaches
the age of 18 or attends a school beyond the high school level.
Privacy Protection Act (COPPA)
The primary goal of COPPA is to place parents in control over what information
is collected from their young children online. COPPA was designed to protect
children under age 13 while accounting for the dynamic nature of the Internet.
The Rule applies to operators of commercial websites and online services
(including mobile apps) directed to children under 13 that collect, use, or
disclose personal information from children, and operators of general audience
websites or online services with actual knowledge that they are collecting,
using, or disclosing personal information from children under 13. The Rule also
applies to websites or online services that have actual knowledge that they are
collecting personal information directly from users of another website or online
service directed to children. Read
Protection Act (CIPA)
CIPA was enacted by Congress in 2000 to address concerns about children’s access
to obscene or harmful content over the Internet. CIPA imposes certain
requirements on schools or libraries that receive discounts for Internet access
or internal connections through the E-rate program. Read
Protection of Pupil
Rights Amendment (PPRA)
PPRA is intended to protect the rights of parents and students in two ways:
- It seeks to ensure that schools and
contractors make instructional materials available for inspection by parents
if those materials will be used in connection with an ED-funded survey,
analysis, or evaluation in which their children participate; and
- It seeks to ensure that schools and
contractors obtain written parental consent before minor students are
required to participate in any ED-funded survey, analysis, or evaluation
that reveals certain information.
PPRA applies to programs that receive funding from the U.S. Department of
Spoon River Valley
Community Unit School District web based software Privacy Policies