Using the National Data Privacy Agreement for SOPPA Compliance

This session aims to provide an understanding of the National Data Privacy Agreement (NDPA) released early this year by the Student Data Privacy Consortium and a State Terms Exhibit G for Illinois in accordance with SOPPA and other Illinois regulations. The NDPA’s goals are to streamline application contracting and set common expectations between schools/districts and marketplace providers.

The Learning Technology Center of Illinois is the SDPC Alliance Member for Illinois which allows any school in Illinois to access the resources of the SDPC.

Achieving SOPPA Compliance with Reasonable Security Practices

The Student Online Personal Protection Act (SOPPA) requires all Illinois public school districts to provide additional guarantees to protect student data privacy, effective July 1, 2021 (105 ILCS 85/15). Among the requirements, the act directs schools to implement and maintain reasonable security procedures and practices that meet or exceed industry standards.

In preparation for SOPPA’s effective date, the Learning Technology Center selected 43 security best practices that all districts should implement to comply with this new legislation. The practices align with CIS Controls, a globally recognized cybersecurity standard, and are vetted by numerous Illinois school district technology leaders.

Although the Illinois State Board of Education will issue additional guidance throughout the coming year, these 43 security practices can form the foundation of a strong district-wide security program, starting today.

View Reasonable Security Practices