Data Security and Privacy in District 58

District 58 is entrusted with personal student information, and we take protecting this information very seriously. In addition to following strict security procedures internally and requiring that level of security from our external providers, we also comply with all security and privacy laws when using student information internally and when sharing it with our third-party partners.

 

District 58 Board of Education Policies

7.15 - Student and Family Privacy Rights

7.340 - Student Records

7.345 - Use of Educational Technologies; Student Data Privacy and Security

 

IL Student Online Personal Protection Act (SOPPA)

SOPPA regulates vendors (operators) who provide web-based sites, services, online and mobile applications that are used primarily for K to 12 purposes. 

Currently, SOPPA provides various prohibitions and responsibilities on these vendors, referred to in the law as “operators.”  The law prohibits operators from engaging in targeted advertising to students, amassing a profile on students, selling or renting student information, or using student information except in limited ways. Additionally, operators must maintain certain security protocols when storing student data, delete student data when requested by the district, and maintain a public privacy policy.

The law has been amended, effective July 1, 2021 not only to expand the responsibilities and prohibitions of operators, but  also to place new responsibilities on school districts and on the Illinois State Board of Education (ISBE), as well as delineate the scope of parental rights.

 

Outside Applications Used by District 58

We require all third-party vendors (operators) with which we share covered information, to sign a Data Privacy Agreement with us, which outlines what data is potentially shared, the purpose for collecting the data, what subcontractors they use and additional information.

You can see all current executed agreements here. As we secure Data Privacy Agreements and amass the information required by SOPPA, agreements will be added to the list.

Procedures for Inspecting, Correcting, or Deleting Covered Information Under SOPPA

Families may request to inspect and review their student’s covered information. Requests for reviewing records must be made in writing and include the date of the request, the parent or guardian's name, address, phone number, student’s name, and the name of the school from which the request is being made. Please email the District's Data Privacy Officer, James Eichmiller with your request.  Families will be required to provide proof of identity and relationship to the student before access to the covered information is granted. 

Parents may also consult the District’s procedures on reviewing and challenging student records if the covered information also constitutes student records.

 

Data Breach Notification Process

In the unlikely situation that an operator experiences  a potential data breach, they must notify District as soon as possible. After receiving notice of a potential breach, we will evaluate their report and if confirmed, provide notifications to parents. Information on past breaches will be publicly displayed below and contain the following information.

  • Date or estimated date/range of the breach
  • Description of covered information breached58
  • The number of students unless disclosure would violate the Personal Information Protection Act
  • Contact information of the operator for questions
  • Toll-free numbers, addresses, and websites of consumer reporting agencies and the FTC
  • The District will also notify parents and post information in the event the District’s data systems are breached.

Note:  A notice of breach may be delayed if a law enforcement agency determines that the notification will interfere with a criminal investigation. If a breach impacts less than 10% of the student enrollment, by law it does not need to be disclosed in the manner described above.

 

Data Breaches

There are no known data breaches at this time impacting District 58 covered information.

 

Important Data Privacy Laws

Student Online Personal Protection Act (SOPPA): Guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only.

Children’s Online Privacy Protection Act (COPPA): Restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information from individuals known to be children.

Children’s Internet Protection Act (CIPA): Imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses.

Family Educational Rights and Privacy Act (FERPA): Governs information in a student’s education record, restricting access and use of student information