Student Data Privacy
Student data is protected through comprehensive privacy policies and security measures such as firewalls, secure servers, intrusion detection software, and other methods.
Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by the educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85). In compliance, Kirby School District 140 only collects information that directly relates to school activities and safeguards the privacy of students and confidentiality of student data.
SOPPA requires that school districts must:
- Enter into written agreements with all K-12 service providers who collect student data. Covered data includes, but is not limited to: information in the student's educational record, first/last name, address, phone number, email address, grades, test results, socioeconomic information, photos, search activity, voice recordings, geolocation information, and more.
- Implement and maintain reasonable security practices. Student data is protected through comprehensive privacy policies and security measures such as firewalls, secure servers, intrusion detection software, and other methods. Written agreements with vendors require that the vendor also maintains security procedures.
- Post a list of operators. This list will include what data elements are shared, written agreements/contracts with the operator within 10 days of signing, and subcontractors for each operator.
Kirby School District 140 Technology Policies and Guidelines
- 6:235 Access to Electronic Networks and Acceptable Use Policy
- 7:345 Use of Educational Technologies; Student Data Privacy and Security
Kirby School District 140 adheres to the following applicable laws regarding student data and privacy:
- Children's Internet Protection Act (CIPA)
Imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses.
- Children's Online Privacy Protection Act (COPPA)
Restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information from individuals known to be children.
- Family Educational Rights and Privacy Act (FERPA)
Governs information in a student’s education record, restricting access and use of student information.
- Illinois School Student Records Act (ISSRA)
Similar to FERPA, ISSRA ensures parent/guardian access to their child’s records and protects the privacy of those records.
- Student Online Personal Protection Act (SOPPA)
Guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only.
Kirby School District 140 Data Privacy Officer
Federal and State laws govern the protection of student data, including school student records and/or covered information. The sale, rental, lease, or trading of any school student records or covered information by the District is prohibited. Protecting such information is important for legal compliance, District operations, and maintaining the trust of District stakeholders, including parents, students, and staff. The superintendent designates the Director of Technology to serve as Privacy Officer, who shall ensure the District complies with the duties and responsibilities required of it under the Student Online Personal Protection Act, 105 ILCS 85/, amended by P.A. 101-516, eff. 7-1-21.
District-approved Web-based Tools/Applications and Written Agreements
Kirby School District 140 values your child's privacy and strives to ensure that parents are aware of what web-based tools and applications are being used for educational purposes. We leverage the Student Data Privacy Consortium (SDPC), which is a unique collaborative of schools, districts, regional, territories/state agencies, policymakers, trade organizations, and marketplace providers addressing real-world, adaptable, and implementable solutions to growing data privacy concerns. If you would like to read more about the SDPC, click here. Through the SDPC we enter into contracts with 3rd party vendors who handle our student's data. A list of KSD140 approved web-based tools, written agreements with operators, and a list of data elements will be shared here beginning July 1, 2021.
Parents have the right to inspect, review, and correct information maintained by the school, operator, and the Illinois State Board of Education. All requests should be directed to the Director of Technology at 708-532-6462.
In the event that there is a data breach, Kirby School District 140 will notify parents via district communication systems within 30 days of a data breach and within 60 days if a third party is responsible for the data breach.