Student Data Privacy Laws

Student Data Privacy Laws

Marengo-Union ECSD 165 is responsible for ensuring the safe handling of student information. The district adheres to applicable laws regarding student data and privacy: SOPPA, FERPA, CIPA, COPPA, & ISSRA. An Annual List of Operators 2021-2022 of online services or applications shall be posted by the school district July 1st, 2021. 

Student Online Personal Protection Act (SOPPA) protects the privacy and security of student data when collected by companies operating websites, online services, or online/mobile applications primarily used for K-12 school purposes.

  • Prohibits the use of student data for targeted advertising, the sale of student information gathered during the students’ use of the educational technology, and the use of data collected to amass a profile about a student.

Effective July 1, 2021, school districts will be required (among other things) to post a list of operators with which the district has written agreements, copies of those written agreements, and other information about such operators on the school’s website; as well as to notify students and parents of any breach of student data by an operator of the school. (105 ILCS 85/1 et seq.)

Family Educational Rights and Privacy Act (FERPA) governs information in a student’s education record, restricting access and use of student information.

  • Generally prohibits districts from disclosing students’ education records without written parent or eligible student consent.

  • “Education records” are broadly defined to include any records, files, or documents maintained by a school district that contain personally identifiable information on students.

  • Grants parents and guardians the right to inspect and review education records; request that a school amend the student’s records; consent in writing to the disclosure of personally identifiable information from the student's records, subject to certain enumerated exceptions.
    (20 U.S.C. § 1232g; 34 C.F.R. Part 99.)

Children’s Internet Protection Act (CIPA) imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses.

  • Requires that districts adopt an internet safety policy that includes protection measures to block or filter internet access to visual depictions that are obscene, child pornography, or harmful to minors.

  • School districts must monitor the online activities of children and educate children about appropriate online behavior, including interacting with other individuals on social networking websites and cyber bullying awareness and response.
    (47 U.S.C. §254(h); 47 C.F.R. §54.520.)

Children’s Online Privacy Protection Act (COPPA) restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information from individuals known to be children.

  • COPPA requires companies to have a clear privacy policy, provide direct notice to parents, and obtain parental consent before collecting information from children under 13.
    (P.L. 105-277; 15 U.S.C. § 6501 et seq.; 16 C.F.R. part 312.)

Illinois School Student Records Act (ISSRA) is similar to FERPA and ensure parent/guardian access to their child’s records and the confidentiality of student records and the information in those records.
(105 ILCS 10/1 et seq.; 23 Ill Admin. Code Part 375.)