Student Data Privacy

Student Online Personal Protection Act

Student Online Personal Protection Act (SOPPA) protects the privacy and security of student data when collected by companies operating websites, online services, or online/mobile applications primarily used for K-12 school purposes. Prohibits the use of student data for targeted advertising, the sale of student information gathered during the students’ use of the educational technology, and the use of data collected to amass a profile about a student.

Effective July 1, 2021, school districts will be required to post a list of operators with which the district has written agreements, copies of those written agreements, and other information about such operators on the school’s website; as well as to notify students and parents of any breach of student data by an operator of the school. (105 ILCS 85/1 et seq.) Websites must be updated twice yearly: no later than 30 days after the start of each fiscal and calendar year.

ALL public schools are required to have signed agreements with vendors or providers (i.e. operators) that collect student data (both free and paid services)


Below is a high-level overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:

  1. Annually post a list of all operators of online services or applications utilized by the district.

  2. Annually post all data elements that the school collects, maintains, or discloses to any entity. This information must also explain how the school uses the data, and to whom and why it discloses the data.

  3. Post contracts for each operator within 10 days of signing.

  4. Annually post subcontractors for each operator.

  5. Post the process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE.

  6. Post data breaches within 10 days and notify parents within 30 days.

  7. Create a policy for who can sign contracts with operators.

  8. Designate a privacy officer to ensure compliance.

  9. Maintain reasonable security procedures and practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.

Family Educational Rights and Privacy Act (FERPA)

FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.

Children’s Online Privacy Protection Act (COPPA)

The primary goal of COPPA is to place parents in control over what information is collected from their young children online. COPPA was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. Read more

Children’s Internet Protection Act (CIPA)

CIPA was enacted by Congress in 2000 to address concerns about children’s access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program. Read more

Protection of Pupil Rights Amendment (PPRA)

PPRA is intended to protect the rights of parents and students in two ways:

  • It seeks to ensure that schools and contractors make instructional materials available for inspection by parents if those materials will be used in connection with an ED-funded survey, analysis, or evaluation in which their children participate; and

  • It seeks to ensure that schools and contractors obtain written parental consent before minor students are required to participate in any ED-funded survey, analysis, or evaluation that reveals certain information.

PPRA applies to programs that receive funding from the U.S. Department of Education. Read more

PPCUSD8 Data Privacy Agreements

To view a list of all operators of online services or applications utilized by the district, please visit the PPCUSD8 Online Resources. The Data Privacy Agreements (DPA) outline what data is stored, how it is protected, what the company can and cannot do with the data, and what they will do in the event of a data breach. Parents have the ability to exercise their rights to inspect, review, correct information, or opt-out.

The list of subcontractors that vendors use may be found at Vendor Subcontractors

Teacher Digital Resource Request Form

If a teacher is interested in using a resource that requires students to login to either access or produce content on the Internet, please:

  1. First review the current PPCUSD8 Online Resource agreements the district has in place. Also, review the Vendor List of companies that do not require an agreement.

  2. If you do not see the resource you wish to use, please fill out the Teacher Digital Resource Request Form with as much information as possible.

  3. Once the district has the Data Privacy Agreement (DPA) from the vendor the teacher is able to use the resource. If the vendor does not comply to the DPA, the resource is not to be used.

Parent Request of Student Information

To make a request to inspect or review covered student information and/or to request corrections to factual inaccuracies, please complete the following form: