What is SOPPA?

(From: https://ltcillinois.org/blog/tag/soppa/)

In short, the Student Online Privacy and Protection Act (SOPPA) is a set of legislative requirements instituted by the State of Illinois for the purpose of creating and maintaining statewide standards for the maintenance and collection of student data. To that end, SOPPA requires schools to only collect data for demonstrably educational purposes, and to disclose publicly when data breaches occur.


Recently, new amendments were made to SOPPA; they went into effect on July 1, 2021. These amendments, among other things, require districts to create records whenever personally identifiable information (PII) is collected by an app or other piece of software – regardless of whether that app is free, paid, or even intended for educational use.


Several examples of common PII collected by digital service providers include:

  • First and last name

  • Email address

  • Home address

  • Phone number

  • Grades

  • Socioeconomic status

  • Test results

  • Photos

  • Medical records


Agreements and Service Providers

To ensure that all digital service providers are abiding by Illinois’ new standards, districts must enter into written, signed agreements attesting to the ways providers collect and maintain these types of data. In particular, these agreements must forbid service providers from utilizing student data for the following purposes:

  • Serving targeted ads

  • Profiling students (except for certifiable educational uses)

  • Selling or renting data

  • Disclosing data publicly (except in limited circumstances, including when complying with law enforcement)


These SOPPA-compliant student data privacy agreements must also compel service providers to do the following:

  • Utilize reasonable security practices in the maintenance of student PII

  • Delete data when requested

  • Publicly publish and display their terms of service and privacy policy


Finally, SOPPA requires districts to exercise due diligence regarding their signed data privacy agreements and data breaches. To that end, all Illinois districts will be required by SOPPA to publicly list and display all data privacy agreements that they have entered into. They will also be required to publicly disclose any data breaches to parents and caregivers within 30 days of the breach’s detection.

Data Privacy Agreements (DPA)

Hall High School leverages the Student Data Privacy Consortium (SDPC), which is a unique collaborative of schools, districts, regional, territorial and state agencies, policy makers, trade organizations and marketplace providers addressing real-world, adaptable, and implementable solutions to growing data privacy concerns. If you would like to read more about the SDPC, click here. Through the SDPC we enter into contracts with third-party vendors who handle our students' data. If you would like to view the DPAs that Hall High School currently holds, please click the following link.

Hall High School DPAs