Student Data and Privacy
Data Privacy Agreements
District 20 approved online resources, with written agreements and data elements shared with D20's ed tech vendors, can be viewed at:
D20 approved online resources
Known Data Breaches
Parents can view known data breaches affecting more than 10% of District 20 students at:
SOPPA defines the rights parents and guardians have regarding their student’s data, which can be viewed at:
District 20's Commitment to Student Data Privacy
Keeneyville School District 20 partners with a variety of education technology companies ("ed tech vendors") to provide services in support of your child's education such as digital curriculum, educational resources, and analytical tools. District 20 is committed to protecting the information security and privacy of our students.
District 20 is required by the Student Online Personal Protection Act (SOPPA) to enter into a written agreement with any ed tech vendor that operates a website, online service, online application, or mobile application that is designed, marketed, and used primarily for Kindergarten through 12th Grade purposes. The agreement defines how the vendor may and may not use student data, identifies what data is collected by the vendor, and describes the processes that should take place in the event of a data breach. District 20 will not partner with vendors who are non-compliant with applicable laws and guidelines.
Current Data Privacy Agreements and data elements shared between the District and compliant, approved ed tech vendors can be viewed here.
Not all approved online resources will be used by all students at all grade levels, and directory information is only shared with an approved vendor when utilized by the student or classroom. The District will only provide the minimum amount of data required to maintain service functionality for each vendor. District 20 will not sell, rent, lease, or trade student data or share student data with external entities without a signed agreement.
Parents will be notified within thirty (30) days of a data breach affecting more than 10% of the students.
Federal and State Laws Protecting Student Data
The District is required by law to follow a variety of state and federal laws and guidelines regarding the protection of student data, including the following:
On August 23, 2019, Illinois Governor J.B. Pritzker signed into law an amended version of the Student Online Personal Protection Act (SOPPA) (effective July 1, 2021) which is the data privacy law that regulates student data collection and use by schools, the Illinois State Board of Education (ISBE), and ed tech vendors. This amendment of SOPPA provides a variety of protections of student data as described below and gives parents more control over their student's data.
- External entities must protect student data, list student data used, describe the usage of student data, delete student data when no longer required, and report breaches of data. External entities are prohibited from selling, renting, leasing, or trading student data, creating student profiles, and targeting advertising to students.
- A school district must publish a list of data elements used, publish a list of vendor agreements, and publish parents’ rights regarding student data. A school district cannot sell, rent, lease or trade student data or share data with external entities without a signed agreement.
- The State Board of Education must publish a list of data elements used.
- Parents and guardians have the right to inspect, correct, and delete their child’s covered information, regardless of whether it is held by a district or a third-party operator.
The United States Department of Education guarantees that parents have the right to review and make changes to their children’s education records. FERPA also restricts who can use and access student information. FERPA provides parents with 4 basic rights:
- To inspect and review education records;
- To challenge the content of education records and to correct or delete inaccurate data;
- To control the disclosure of education records containing their child’s PII via consent;
- To file a complaint regarding noncompliance with FERPA with the Department of Education.
The Federal Trade Commission controls what information is collected from children under the age of 13 by companies operating websites, games, and mobile apps. It applies specifically to website operators that collect information from children, or that operate a general audience website and have actual knowledge that personal information from children is being collected, or that have:
- Child targeted websites or those that have visual or audio content
- Child models
- Advertising directed to children
- Information regarding the age of the actual or intended audience
- Animated characters or other child-oriented features.
The United States Department of Health and Human Services prohibits the disclosure of protected health information to third parties without written authorization. HIPAA’s application to K12 schools is limited. Education records covered by FERPA are specifically excluded from the definition of protected health information. Schools are subject to HIPAA if they provide health services and electronically transmit “health information” for a reason specifically listed in the rule.