What is SOPPA?
What happens to the student data that we send to a third party vendor? Information like names, birthdates, etc... may be provided by DeKalb CUSD 428 to a third party service provider. What protections do those companies have in place to make sure that our student's data is not sold or freely given to others? This is exactly what SOPPA looks to address.
As part of SOPPA, these companies must enter into Data Privacy Agreements (DPA) with each district they work with. These agreements outline what data is stored, how it is protected, what the company can and cannot do with that data, and what they will do in the event of a data breach.
Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by the educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85). In compliance, DeKalb Community Unit School District 428 only collects information that directly relates to school activities and safeguards the privacy of students and confidentiality of student data.
Under Illinois’ Student Online Personal Protection Act, or SOPPA (105 ILCS 85/), educational technology vendors and other entities that operate Internet websites, online services, online applications, or mobile applications that are designed, marketed, and primarily used for K-12 school purposes are referred to in SOPPA as operators. SOPPA is intended to ensure that student data collected by operators is protected, and it requires those vendors, as well as school districts and the Illinois State Board of Education, to take a number of actions to protect online student data.
Depending upon the particular educational technology being used, our District may need to collect different types of student data, which is then shared with educational technology vendors through their online sites, services, and/or applications. Under SOPPA, educational technology vendors are prohibited from selling or renting a student’s information or from engaging in targeted advertising using a student’s information. Such vendors may only disclose student data for K-12 school purposes and other limited purposes permitted under the law.
Click here to learn more about SOPPA
Data Privacy Agreements (DPA)
CUSD428 leverages the Student Data Privacy Consortium (SDPC), through SDPC we enter into contracts with 3rd party vendors who handle our student's data. If you would like to view the DPAs that CUSD428 currently holds,
please click here
Click Here for more infromation about SDPC
Approval Process
The approval process for application use within the district is a simple process. If the instructor or staff member would like to use a application within the classroom or anywhere within the district that uses student information
they first have to check the list of approved applications. If the applications they have in mind is listed, nothing more has to be done and they are free to use the application. If the application is not on the list of approved
applications. They will need to submit a helpdesk ticket so the technology department can start the process of approving the application. Alternatively, staff members can log into the SDPC site and request applications that are not on the approved list. The list of approved apps are listed here