Skip to main content

Student Data Privacy

227 N. Fourth Street
Geneva, IL 60134
Phone: 630-463-3000

Student Data Privacy Practices and Resources

Educational Technology Vendors and Student Information
School districts throughout the State of Illinois contract with different educational technology vendors for beneficial K-12 purposes such as providing personalized learning and innovative educational technologies, and increasing efficiency in school operations. Under Illinois’ Student Online Personal Protection Act, or SOPPA (105 ILCS 85/), educational technology vendors and other entities that operate Internet websites, online services, online applications, or mobile applications that are designed, marketed, and primarily used for K-12 school purposes are referred to in SOPPA as operators. SOPPA is intended to ensure that student data collected by operators is protected, and it requires those vendors, as well as school districts and the Ill. State Board of Education, to take a number of actions to protect online student data.

Depending upon the particular educational technology being used, our District may need to collect different types of student data, which is then shared with educational technology vendors through their online sites, services, and/or applications. Under SOPPA, educational technology vendors are prohibited from selling or renting a student’s information or from engaging in targeted advertising using a student’s information. Such vendors may only disclose student data for K-12 school purposes and other limited purposes permitted under the law. Parents seeking to exercise their rights under SOPPA may do so by following the Student Records process outlined in the student handbook.
In general terms, the types of student data that may be collected and shared include personally identifiable information (PII) about students or information that can be linked to PII about students, such as:
  • Basic identifying information, including student or parent/guardian name and student or parent/guardian contact information, username/password, student ID number
  • Demographic information
  • Enrollment information
  • Assessment data, grades, and transcripts
  • Attendance and class schedule
  • Academic/extracurricular activities
  • Special indicators (e.g., disability information, English language learner, free/reduced meals or homeless/foster care status)
  • Conduct/behavioral data
  • Health information
  • Food purchases
  • Transportation information
  • In-application performance data
  • Student-generated work
  • Online communications
  • Application metadata and application use statistics
  • Permanent and temporary school student record information 
Operators may collect and use student data only for K-12 purposes, which are purposes that aid in the administration of school activities, such as:
  • Instruction in the classroom or at home (including remote learning)
  • Administrative activities
  • Collaboration between students, school personnel, and/or parents/guardians
  • Other activities that are for the use and benefit of the school district
Related Board Policy

Student Data Breach Summary

What is a data breach?
As defined in the Student Online Personal Protection Act (SOPPA), a "Breach" means the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of covered information maintained by an operator or school. "Breach" does not include the good faith acquisition of personal information by an employee or agent of an operator or school for a legitimate purpose of the operator or school if the covered information is not used for a purpose prohibited by [SOPPA] or subject to further unauthorized disclosure.

Which data breaches will appear here?
As required by SOPPA, in the event that a data breach occurs which involves student data, a summary of the breach will be posted here. Breaches that involve less than 10% of a school's enrollment, do not include student covered information, do not require parent notification, or any breach that occurred prior to July 1, 2021 or within the past five (5) years, whichever is earlier, may not be reported here.

Recent Data Breach Summary
  • None to report

SOPPA Compliant Resources

The list of SOPPA compliant resources approved for use in the district is a dynamic list and will change over time. For a current list of approved operators (see Approved Operator List). In addition to the list of approved operators, the District is required to report certain student information to the Illinois State Board of Education (see ISBE Regulatory Reporting).

Related Resources

An Introduction to SOPPA (created by the LTC of Illinois)

Federal Student Records or Privacy Laws