9:030 Regulatory Compliance

The Superintendent  or designee  will abide by any law, statutory, regulatory, or contractual obligations affecting its information systems.  The design, operation, use and management of information and information systems will comply with all statutory, regulatory, and contractual security requirements including, but not limited to:

CIPPA, the Children’s Internet Protection Act, requires that K-12 schools and libraries use Internet filters and implement other measures to protect children from harmful online content as a condition for the receipt of certain federal funding.  See www.fcc.gov/guides/childrens-internet-protection-act for more information.

COPPA, the Children’s Online Privacy Protection Act, regulates organizations that collect or store information about children under age 13.  Parental permission is required to gather certain information; see www.coppa.org for details.

FERPA, the Family Educational Rights and Privacy Act, applies to all institutions that are recipients of federal aid administered by the Secretary of Education.  This regulation protects student information and accords students specific rights with respect to their data.  For details, seewww.ed.gov/policy/gen/guid/fpco/ferpa/index.html.

The Illinois Freedom of Information Act (FOIA) provides public access to government documents and records upon written request.  A public record is any records, reports, forms, writings, letters, memoranda, books, papers, maps, photographs, cards, tapes, recordings, electronic data processing records, recorded information and all other documentary materials, regardless of form or characteristics; see www.isbe.net/htmls/foia.htm.

HIPPA, the Health Insurance Portability and Accountability Act, applies to organizations that transmit or store protected health information (aka PHI).  It is a broad standard that was originally intended to combat waste, fraud, and abuse in health care delivery and health insurance, but is now used to measure and improve the security of health information as well.  Seewww.hhs.gov/ocr/privacy/index.html.

The Payment Card Industry Data Security Standard (PCI DSS) was created by a consortium of payment brands including American Express, Discover, MasterCard, and Visa.  It covers the management of payment card data and is relevant for any organization that accepts credit card payments.  See www.pcisecuritystandards.org for more information.

Date Adopted: 04/05/2013