7:345-E2 Student Data Privacy; Notice to Parents about Educational Technology Vendors
Use the sample text below to provide notice to parents/guardians about educational technology vendors pursuant to the Student Online Personal Protection Act, 105 ILCS 85/28(e), added by P.A. 101-516, eff. 7-1-21. Beginning with the 2021-2022 school year, school districts must provide this notice to parents/guardians at the beginning of each school year through distribution of school handbooks or other means generally used by a district to provide such notices to parents/guardians.
Annual Notice to Parents about Educational Technology Vendors Under the Student Online Personal Protection Act
School districts throughout the State of Illinois contract with different educational technology vendors for beneficial K-12 purposes such as providing personalized learning and innovative educational technologies, and increasing efficiency in school operations.
Under Illinois’ Student Online Personal Protection Act, or SOPPA (105 ILCS 85/), educational technology vendors and other entities that operate Internet websites, online services, online applications, or mobile applications that are designed, marketed, and primarily used for K-12 school purposes are referred to in SOPPA as operators. SOPPA is intended to ensure that student data collected by operators is protected, and it requires those vendors, as well as school districts and the Ill. State Board of Education, to take a number of actions to protect online student data.
Depending upon the particular educational technology being used, our District may need to collect different types of student data, which is then shared with educational technology vendors through their online sites, services, and/or applications. Under SOPPA, educational technology vendors are prohibited from selling or renting a student’s information or from engaging in targeted advertising using a student’s information. Such vendors may only disclose student data for K-12 school purposes and other limited purposes permitted under the law.
In general terms, the types of student data that may be collected and shared include personally identifiable information (PII) about students or information that can be linked to PII about students, such as:
- Basic identifying information, including student or parent/guardian name and student or parent/guardian contact information, username/password, student ID number
- Demographic information
- Enrollment information
- Assessment data, grades, and transcripts
- Attendance and class schedule
- Academic/extracurricular activities
- Special indicators (e.g., disability information, English language learner, free/reduced meals or homeless/foster care status)
- Conduct/behavioral data
- Health information
- Food purchases
- Transportation information
- In-application performance data
- Student-generated work
- Online Communications
- Application metadata and application use statistics
Operators may collect and use student data only for K-12 purposes, which are purposes that aid in the administration of school activities, such as
- Instruction in the classroom or at home (including remote learning)
- Administrative activities
- Collaboration between students, school personnel and/or parents/guardians
- Other activities that are for the use and benefit of the school district
Dated Adopted: April 20, 2021