Skip To Main Content

Student Data Privacy

Managing Student Data

Community High School District 94 follows best practices in managing system and network security.  Access to student data is controlled through role based security which means that access to data is limited only to allow what is needed for any staff member to do their job.  The District also follows all rules set forth by the state and federal government such as SOPPA, FERPA, CIPA, PPRA, and HIPAA.

Student Online Personal Protection Act (SOPPA)

Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85).

DISTRICT REQUIREMENTS

Below is a high-level overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:

1: Annually post a list of all operators of online services or applications utilized by the district.

Annual Notice to Parents about Technology Vendors under SOPPA Act

2: Annually post all data elements that the school collects, maintains, or discloses to any entity. This information must also explain how the school uses the data, and to whom and why it discloses the data.

Annual Notice to Parents about Technology Vendors under SOPPA Act  

3: Post contracts for each operator within 10 days of signing. 

Posted list of contracts for each operator

4:Annually post subcontractors for each operator. 

Posted list of contracts for each operator  

5: Post the process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE. 

Please contact our Student Data Privacy e-mail for if you have questions about student data information maintained by the school, operator, or ISBE.  

6: Post data breaches within 10 days and notify parents within 30 days.

Information will be located here if/when a data breach occurs.

The Superintendent or designee shall ensure the District implements and maintains reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure. In the event the District receives notice from an operator of a breach or has determined a breach has occurred, the Superintendent or designee shall also ensure that the District provides any breach notifications required by State law.  

7: Create a policy for who can sign contracts with operators.

The Superintendent or designee designates which District employees are authorized to enter into written agreements with operators for those contracts that do not require separate Board approval. Contracts between the Board and operators shall be entered into in accordance with State law and Board policy 4:60, Purchases and Contracts, and shall include any specific provisions required by State law.

8: Designate a privacy officer to ensure compliance.

The Superintendent or designee shall ensure the District implements and maintains reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure. In the event the District receives notice from an operator of a breach or has determined a breach has occurred, the Superintendent or designee shall also ensure that the District provides any breach notifications required by State law.

9: Maintain reasonable security procedures and practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.

Posted list of contracts for each operator  

District 94's Data Privacy Agreements are listed on the Illinois Student Privacy Alliance website


Family Educational Rights and Privacy Act (FERPA)

FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.


Children’s Internet Protection Act (CIPA)

CIPA was enacted by Congress in 2000 to address concerns about children’s access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program. Read more


Protection of Pupil Rights Amendment (PPRA)

The Protection of Pupil Rights Amendment (PPRA) is a federal law that affords certain rights to parents of minor students with regard to surveys that ask questions of a personal nature. Briefly, the law requires that schools obtain written consent from parents before minor students are required to participate in any U.S. Department of Education funded survey, analysis, or evaluation that reveals information concerning certain topics. Read More


Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. Read More


Community High School District 94 web based software Privacy Policies:

Privacy Policies for software that District 94 uses can be found on the Illinois Student Privacy Alliance website