Student Data Privacy

Student Online Personal Protection Act

What is SOPPA?

The Student Online Personal Protection Act, or SOPPA, is the data privacy law that regulates student data collection and use by schools, the Illinois State Board of Education, and educational technology vendors.

As required by SOPPA, Farmington Central CUSD #265 must enter into Data Privacy Agreements (DPA) with each education technology vendor we work with.

The agreements outline the following:

  • What data is stored

  • How data is protected

  • What the vendor can and cannot do with the data

  • Procedures in the event of a data breach

Data Privacy Agreements (DPA)

Farmington Central CUSD #265 utilizes the the Student Data Privacy Consortium (SDPC) to enter into contracts with educational technology vendors who handle our student data. The SDPC is a unique collaborative of schools, districts, regional, territories and state agencies, policy makers, trade organizations and marketplace providers addressing real-world, adaptable, and implementable solutions to growing data privacy concerns. If you would like to learn more about the SDPC, click here.

Farmington Central CUSD #265 DPAs

Notable Data Privacy Laws

Family Educational Rights and Privacy Act (FERPA) governs information in a student’s education record, restricting access and use of student information.

  • Generally prohibits districts from disclosing students’ education records without written parent or eligible student consent.

  • “Education records” are broadly defined to include any records, files, or documents maintained by a school district that contain personally identifiable information on students.

  • Grants parents and guardians the right to inspect and review education records; request that a school amend the student’s records; consent in writing to the disclosure of personally identifiable information from the student's records, subject to certain enumerated exceptions.

(20 U.S.C. § 1232g; 34 C.F.R. Part 99.)

Student Online Personal Protection Act (SOPPA) protects the privacy and security of student data when collected by companies operating websites, online services, or online/mobile applications primarily used for K-12 school purposes.

  • Prohibits the use of student data for targeted advertising, the sale of student information gathered during the students’ use of the educational technology, and the use of data collected to amass a profile about a student.

  • Effective July 1, 2021, school districts will be required (among other things) to post a list of operators with which the district has written agreements, copies of those written agreements, and other information about such operators on the school’s website; as well as to notify students and parents of any breach of student data by an operator of the school. 

(105 ILCS 85/1 et seq.)

Children’s Online Privacy Protection Act (COPPA) restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information from individuals known to be children.

  • COPPA requires companies to have a clear privacy policy, provide direct notice to parents, and obtain parental consent before collecting information from children under 13.

(P.L. 105-277; 15 U.S.C. § 6501 et seq.; 16 C.F.R. part 312.)

Children’s Internet Protection Act (CIPA) imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses.

  • Requires that districts adopt an internet safety policy that includes protection measures to block or filter internet access to visual depictions that are obscene, child pornography, or harmful to minors.

  • School districts must monitor the online activities of children and educate children about appropriate online behavior, including interacting with other individuals on social networking websites and cyber bullying awareness and response.

(47 U.S.C. §254(h); 47 C.F.R. §54.520.)

Illinois School Student Records Act (ISSRA) is similar to FERPA and ensure parent/guardian access to their child’s records and the confidentiality of student records and the information in those records.

(105 ILCS 10/1 et seq.; 23 Ill Admin. Code Part 375.)