Federal and State Laws

D205 will comply with all applicable laws and regulations concerning the privacy of student data. D205 will also take steps to ensure that any third parties who provide services to the District comply with these laws. The following is an overview of the various laws that govern the confidentiality of student information, including but not limited to electronic data. The Learning Technology Center of Illinois has also compiled the linked Legislative Brief for additional context.  

The Children’s Internet Protection Act (CIPA) was enacted to address concerns about children's access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools that receive discounts for Internet access or through the e-rate program, which is a program that makes certain communications services and products more affordable for eligible schools. To be eligible to receive discounts, a school must have an Internet safety policy that includes protection measures to block or filter Internet access to pictures that are obscene, child pornography, or harmful to minors. A school is also required to include in its Internet safety policies that the school will monitor the online activities of children and educate children about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, and cyber bullying awareness and response. More information is available at www.fcc.gov/consumers/guides/childrens-internet-protection-act47 U.S.C. §254(h), (i); 47 C.F.R. §54.520.) 

The Children’s Online Privacy and Protection Act (COPPA) also deals with children’s online privacy. The primary goal of COPPA is to place parents in control over what information is collected from children under age 13. COPPA applies to commercial websites and online services. The term “online service” broadly covers any service available over the Internet (including mobile apps), or that connects to the Internet or a wide-area network. COPPA imposes requirements on: operators of websites and online services directed to children under 13 that collect, use, or disclose personal information from children; operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13; and operators of websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. More information is available at www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy. (15 U.S.C. §§6501-6505; 16 C.F.R. Part 312.) 

The Federal Educational Rights and Privacy Act (FERPA) affords parents/guardians important rights concerning their children's school student records and the personally identifiable information in those records. FERPA gives parents/guardians the rights to: (1) inspect and review the student's records maintained by the school; (2) request that a school amend the student’s records; (3) consent in writing to the disclosure of personally identifiable information from the student's records, except under certain permitted situations; and (4) file a complaint with the U.S. Department of Education’s Family Policy Compliance Office regarding an alleged violation under FERPA. More information on FERPA is available at https://studentprivacy.ed.gov/ and https://studentprivacy.ed.gov/sites/default/files/resource_document/file/ferpa-hipaa-guidance.pdf. (20 U.S.C. § 1232g; 34 C.F.R. Part 99.)

Annual Notice for SOPPA.

The Student Online Personal Protection Act (SOPPA) protects the privacy and security of student data when collected by educational technology companies operating online websites, online services, or online/mobile applications. Pursuant to SOPPA, school districts must “implement and maintain reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure". The SOPPA allows data to be used to benefit students, including as a way to provide personalized learning and educational technology. The SOPPA bars the use of student data for targeted advertising and prohibits the sale of student information gathered during the students’ use of educational technology.  The SOPPA requires that school districts entered into data sharing agreements with educational technology vendors with whom the school district shares certain covered information. The SOPPA also requires that school districts publish information about any Data Breach affecting 10% or more of students. (105I ILCS 85/1 et.seq.)