Author’s Note: The content for this post was adapted from “SOPPA for Teachers: How to Be a Partner in Protecting Student Data,” a webinar presented by the LTC’s Brian Bates on March 3, 2021. You can view the entire webinar for free on-demand here.
Even as the 20-21 school year comes to a close, data privacy and cybersecurity are on the minds of district administrators and IT leaders around Illinois. That’s because this summer, new amendments to the Student Online Privacy and Protection Act (SOPPA) will come into force. At that time, districts will be required to maintain a standards-based system for protecting student data when it is shared with or collected by outside service providers.
This effort has left some educators asking: what role do teachers play in supporting a district’s SOPPA compliance? As it turns out, teachers play an important role in identifying when and to what extent an app or piece of software collects student data.
This guide will help familiarize teachers of all grade levels and content areas with SOPPA, as well as a few actionable steps they can take to help their district attain SOPPA compliance.
What is SOPPA?
In short, the Student Online Privacy and Protection Act (SOPPA) is a set of legislative requirements instituted by the State of Illinois for the purpose of creating and maintaining statewide standards for the maintenance and collection of student data. To that end, SOPPA requires schools to only collect data for demonstrably educational purposes, and to disclose publicly when data breaches occur.
Recently, new amendments have been made to SOPPA, which go into effect on July 1, 2021. These amendments, among other things, require districts to create records whenever personally identifiable information (PII) is collected by an app or other piece of software – regardless of if that app is free, paid, or even intended for educational use.
Several examples of common PII collected by digital service providers include:
- First and last name
- Email address
- Home Address
- Phone number
- Grades
- Socioeconomic status
- Test results
- Photos
- Medical records
Agreements and Service Providers
To ensure that all digital service providers are abiding by Illinois’ new standards, districts must enter into written, signed agreements attesting to the ways providers collect and maintain these types of data.
In particular, these agreements must forbid service providers from utilizing student data for the following purposes:
- Serving targeted ads
- Profiling students (except for certifiable educational uses)
- Selling or renting data
- Disclosing data publicly (except in limited circumstances, including when complying with law enforcement)
These SOPPA-compliant student data privacy agreements must also compel service providers to do the following:
- Utilize reasonable security practices in the maintenance of student PII
- Delete data when requested
- Publicly publish and display their terms of service and privacy policy
Finally, SOPPA requires districts to perform due diligence practices when it comes to their signed data privacy agreements and data breaches. To that end, all Illinois districts will be required by SOPPA to publicly list and display all data privacy agreements that they have entered into. They will also be required to publicly disclose any data breaches to parents and caregivers within 30 days of the breach’s detection.
How does this affect me as a teacher?
As you can already tell, SOPPA primarily concerns school districts and the digital service providers they utilize. However, teachers are also impacted by SOPPA, most noticeably when it comes to the digital tools, apps, and platforms they utilize in the classroom on a daily basis. As a result, you may be asked to take part in your district’s SOPPA compliance procedures
For example, you may be asked to compile a list of digital tools, apps, and platforms you currently use to teach lessons and engage students. Moreover, you may be required to submit a similar list on a regular basis going forward to ensure that your district has a written agreement with that software’s publishers.
Along the same lines, you may be asked to participate in a new app and software vetting process set up by your district. These will vary from district to district, but such a process usually provides the district an opportunity to pre-clear certain apps and software in an expedient and efficient manner.
If an app does not clear that vetting process, however, you may not be able to use it in your classroom. Your district may, in turn, ask you to find an alternative that is willing to meet the state’s student data privacy requirements.
What can I do now?
When it comes to fulfilling your role in your district’s SOPPA compliance plan, your first action step should be to speak with your building or district administrators. They can provide you insights as to what you, as a teacher, need to do in the near-term. They can also point you to your district’s SOPPA compliance officer, who may help you further organize your personal plans for SOPPA compliance.
If you haven’t already, it is recommended that you create a list of all of the digital apps, software, and platforms you utilize in your classroom. That way, when you are asked to provide such a list to your administrators, your list is ready to go.
You may also consider familiarizing yourself with your specific district’s SOPPA plans. You may have other obligations or duties under your district’s plans, so it is best to defer to it when in doubt about what you can do to support SOPPA compliance.
SOPPA Resources for All Educators
If you’re looking to learn more about SOPPA and its requirements, the LTC has you covered. Check out these following resources for an in-depth look at what Illinois schools will be required to do come July 1, 2021:
You can also check out the LTC’s Data Privacy hub for new and updated resources relating to SOPPA.