SOPPA - Student Online Personal Protection Act


Casey-Westfield CUSD #C-4 Agreements

What is SOPPA?

The Student Online Personal Protection Act, or SOPPA, is a date privacy law regulating student data collection and use by schools, the Illinois State Board of Education and education technology (EdTech) vendors.

What does it mean for you?

As a parent or caregiver, SOPPA is intended to provide you with greater control over your student's personal information. In many cases, SOPPA, gives parents and caregivers the right to inspect, correct, or delete their student's data, regardless if it is held by a school or a third-party EdTech vendor. Schools are also required to post on the school website the types of student data shared with EdTech vendors.

What's Next

Casey-Westfield CUSD C-4 is developing supports to meet all of the new requirements, protocols, and regulations. Information can always be found on this website and updates impacting students and caregivers will be shared accordingly.


Students are prohibited from using their Casey-Westfield CUSD C-4 issued Google account for activities outside of the apps/programs directed for use for and with their classroom teachers. Casey-Westfield CUSD C-4 is not liable for such accounts or activities.

Student Online Personal Protection Act (SOPPA)

The Student Online Personal Protection Act (SOPPA) requires school districts to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85). Effective July 1, 2021.

DISTRICT REQUIREMENTS- Below is an overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:

  1. Annually post a list of all operators of online services or applications utilized by the district.

  2. Annually post all data elements that the school collects, maintains, or discloses to any entity. This information must also explain how the school uses the data, and to whom and why it discloses the data.

  3. Post contracts for each operator within 10 days of signing.

  4. Annually post subcontractors for each operator.

  5. Post the process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE.

  6. Post data breaches within 10 days and notify parents within 30 days.

  7. Create a policy for who can sign contracts with operators.

  8. Designate a privacy officer to ensure compliance.

  9. Maintain reasonable security procedures and practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.

Family Educational Rights and Privacy Act (FERPA)

FERPA is a Federal law that applies to all schools that receive funds from the U.S. Department of Education. FERPA protects the privacy of student education records and gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Read More

Children’s Online Privacy Protection Act (COPPA)

COPPA’s goal is to place parents in control over what information is collected from their young children online. This act was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. Read more

Children’s Internet Protection Act (CIPA)

CIPA was enacted to address concerns about children’s access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts through the E-rate program. Read more

Protection of Pupil Rights Amendment (PPRA)

PPRA is intended to protect the rights of parents and students in two ways:

  • It seeks to ensure that schools and contractors make instructional materials available for inspection by parents if those materials will be used in connection with an ED-funded survey, analysis, or evaluation in which their children participate; and

  • It seeks to ensure that schools and contractors obtain written parental consent before minor students are required to participate in any ED-funded survey, analysis, or evaluation that reveals certain information.

PPRA applies to programs that receive funding from the U.S. Department of Education. Read more