Student Data Privacy
Student Online Personal Protection Act (SOPPA)
Effective July 1, 2021, Illinois school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85).
As part of SOPPA, these companies must enter into Data Privacy Agreements (DPA) with each district that uses their products. These agreements outline what data is stored, how it is protected, what the company can and cannot do with that data, and what they will do in the event of a data breach. A listing of the District’s data privacy agreements for approved technology sites, apps, and web tools can be found here*.
**Please note that contracts may originate with other school districts, which appear on the first page of the contract. The last page (Exhibit E) of these documents indicates District 28's contractual agreement.
District 28 will post details here about data breaches involving 10% or more of the District's students, including the number of students whose covered information was involved in the breach, date of breach (or estimate) and operator name.