Safety and Privacy Information
-
District 25 values your child’s privacy and strives to ensure parents are aware of the web-based tools and applications we use and the nature of personal information that will be collected and used by those tools and applications. Please visit the District 25 Product Portal to see the applications that are being used as well as the approval status, privacy status, and supporting documents in the resources section as required by the Student Online Personal Protection Act (SOPPA). In addition the following are important board policies and regulations that District 25 references to support strong data privacy protections.
Data Privacy Board Policies
The following policies deal with acceptable use, data privacy and security and are considered when developing related procedures or guidelines:
- Board policy 5:125 - Personal Technology and Social Media; Usage and Conduct
- Board policy 5:130 - Responsibilities Concerning Internal Information
- Board policy 6:235 - Access to Electronic Networks
- Board policy 7:15 - Student and Family Privacy Rights
- Board policy 7:340 - School Student Records
- Board policy 7:345 - Use of Educational Technologies; Student Data Privacy and Security
Children’s Online Privacy Protection Act (COPPA)
One of the important realities of taking advantage of the wealth of online learning tools available to us and to our students is the Children’s Online Privacy Protection Act (COPPA). This law applies to websites and online services (including mobile apps) and governs the collection and use of personal information from children under 13. When we work with a 3rd party site, we must operate within the constraints of the law.
In many cases, online services comply with the law by explicitly granting school districts the ability to create and manage accounts on behalf of students under age 13; however, many companies do not. The FTC recommends that all websites and online services – particularly those directed to children – post privacy policies online so visitors can easily learn about the operator’s information practices. As a district we work to utilize only sites that follow the COPPA requirements 100%, providing privacy policies that support our protection of online information.
Student Online Personal Protection Act (SOPPA)
Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85).
School districts throughout the State of Illinois contract with different educational technology vendors for beneficial K-12 purposes such as providing personalized learning and innovative educational technologies, and increasing efficiency in school operations. Under Illinois’ Student Online Personal Protection Act, or SOPPA (105 ILCS 85/), educational technology vendors and other entities that operate Internet websites, online services, online applications, or mobile applications that are designed, marketed, and primarily used for K-12 school purposes are referred to in SOPPA as operators. SOPPA is intended to ensure that student data collected by operators is protected, and it requires those vendors, as well as school districts and the Ill. State Board of Education, to take a number of actions to protect online student data. Depending upon the particular educational technology being used, our District may need to collect different types of student data, which is then shared with educational technology vendors through their online sites, services, and/or applications. Under SOPPA, educational technology vendors are prohibited from selling or renting a student’s information or from engaging in targeted advertising using a student’s information. Such vendors may only disclose student data for K-12 school purposes and other limited purposes permitted under the law.
Parent and Student Rights:
A student's covered information shall be collected only for K through 12 school purposes and not further processed in a manner that is incompatible with those purposes. A student's covered information shall only be adequate, relevant, and limited to what is necessary in relation to the K through 12 school purposes for which it is processed. Except for a parent of a student enrolled in a nonpublic school, the parent of a student enrolled in a school has the right to all of the following:- Inspect and review the student's covered information, regardless of whether it is maintained by the school, the State Board, or an operator.
- Request from a school a paper or electronic copy of the student's covered information, including covered information maintained by an operator or the State Board. If a parent requests an electronic copy of the student's covered information under this paragraph, the school must provide an electronic copy of that information, unless the school does not maintain the information in an electronic format and reproducing the information in an electronic format would be unduly burdensome to the school. If a parent requests a paper copy of the student's covered information, the school may charge the parent the reasonable cost for copying the information in an amount not to exceed the amount fixed in a schedule adopted by the State Board, except that no parent may be denied a copy of the information due to the parent's inability to bear the cost of the copying. The State Board must adopt rules on the methodology and frequency of requests under this paragraph.
- Request corrections of factual inaccuracies contained in the student's covered information. After receiving a request for corrections and determining that a factual inaccuracy exists, a school must do either of the following:
- If the school maintains or possesses the covered information that contains the factual inaccuracy, correct the factual inaccuracy and confirm the correction with the parent within 90 calendar days after receiving the parent's request.
- If the operator or State Board maintains or possesses the covered information that contains the factual inaccuracy, notify the operator or the State Board of the correction. The operator or the State Board must correct the factual inaccuracy and confirm the correction with the school within 90 calendar days after receiving the notice. Within 10 business days after receiving confirmation of the correction from the operator or State Board, the school must confirm the correction with the parent.
Guardian Request for Student Data Removal
In accordance with any applicable federal regulations, a school must provide a student’s parent a paper or electronic copy of the student’s covered information, including any covered information maintained by an operator or the State Board, within 45 days of receiving a request for such information, as provided under subsection (b).
a) If a parent requests an electronic copy of the student's covered information, the school must provide an electronic copy of that information, unless the school does not maintain the information in an electronic format and reproducing the information in an electronic format would be unduly burdensome to the school.
b) Each request under this Section must be submitted by a parent on a signed and dated request form that includes the parent’s name, address, phone number,
student’s name, and the name of the school from which the request is being made. A school that receives a request under this Section must require a parent to provide proof of identity and relationship to the student before access to the covered information is granted.
c) If covered information requested by a parent under this Section includes data on more than one student, the parent may inspect and review only the covered information relevant to the parent’s student.
d) A parent may make no more than one request under this Section per State fiscal quarter.
Nothing in this Section shall be construed to limit the rights granted to parents and students under the Illinois School Student Records Act or the federal Family Educational Rights and Privacy Act of 1974.
Data Breaches containing Covered Information: District 25 will post details here about data breaches involving 10% or more of the District's students, including the number of students whose covered information was involved in the breach, date of breach (or estimate) and operator name. None reported within the last 5 years.
Child Internet Protection Act (CIPA)
The school is required by CIPA to have technology measures and policies in place that protect students from harmful materials including those that are obscene and pornographic. This means that student email is filtered. Mail containing harmful content from inappropriate sites will be blocked.
The district uses a content filter (Securly) which is a cloud based solution that acts as a shield for users on the network. As a shield, Securly serves as monitor/protection between the Internet and users by blocking access from potentially objectionable or offensive material. Similar to most content filters, Securly maintains a list of sites it believes are objectionable and classifies them under different profiles, which often pertain to our students’ grade level/building. Unlike most content filters, Securly also utilizes a Real-Time Content Analysis, meaning it can identify and classify content no matter how recently it has been created, and, at the same time, identify the tell-tale signatures of the proxy sites used to try and circumvent filters. No filter guarantees to block all inappropriate or objectionable content. Staff and students are responsible for acceptable use and reporting when online.
CIPA - http://fcc.gov/cgb/consumerfacts/cipa.html
Family Educational Rights and Privacy Act (FERPA)FERPA protects the privacy of student education records and gives parents rights to review student records. Under FERPA, schools may disclose directory information (name, phone, address, grade level, etc...) but parents may request that the school not disclose this information by sending a written request to the Director of Communications.
- The school will not publish confidential education records (grades, student ID #, etc.) for public viewing on the Internet.
- The school may publish student work and photos for public viewing but will not publish student last names or other personally identifiable information.
- Parents may request that photos, names and general directory information about their children not be published. For more information on how to do this, contact Director of Communications Adam Harris at aharris@sd25.org.
- Parents have the right at any time to investigate the contents of their child’s email and Apps for Education files.