STUDENT DATA PRIVACY

John Gutzmer

John Gutzmer
Chief Information Officer
jgutzmer@usd116.org

QUICK LINKS

Protecting student information and securing student data are of the utmost importance to Urbana School District 116. This page contains information about USD116 Student Data Privacy, including information on the Student Online Personal Protection Act (SOPPA), and how to obtain information about data breaches, student information, and contracts with operators and vendors.

USD116 Student Data

USD116 maintains all of our internal student data in Skyward, our Student Information System (SIS). We maintain information that is necessary to conduct school operations and meet state and federal requirements for reporting and record keeping.  As the data custodians for the District, we take the security and stability of our systems seriously, and are continually working to improve security and reliability.  Student data can include information such as grades and contact information, as well as basic information such as names and schools.

The governance of data management is regulated by several state and federal laws outlined here:

 

Student Online Personal Protection Act (SOPPA)

Effective July 1, 2021, Illinois school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide guarantees that student data is protected when used by educational technology companies, and that data is used for educationally beneficial purposes only (105 ILCS 85).  Below is additional information on how Urbana School District 116 is implementing SOPPA for our staff and students.
 
The Learning Technology Center has created a useful video that highlights what SOPPA is and how it works:
 
SOPPA requires that each district meet specific standards as outlined in (105 ILCS 85).
As required by SOPPA, the USD116 School Board has appointed John Gutzmer, Chief Information Officer, as the Student Data Privacy officer.  This role oversees district personnel charged with making sure that all partners, services and applications adhere to the regulations of SOPPA.  These regulations are put in place to ensure the sale, rental, lease, or trading of any District student records or covered information by the District is prohibited.   
 
The Data Privacy Officer is also designated to sign contracts with operators and review operator privacy policies to ensure they meet the requirements of SOPPA and the District. 

SOPPA requires that districts enter into Data Privacy agreements with every 3rd party software application or online service provider.  These providers are known as operators. The Data Privacy Agreements define what data is shared with the operators and what safeguards and security the operators have in place.  In addition these agreements maintain the legal standards laid out in SOPPA to ensure all vendors meet those requirements.

USD116 leverages the Student Data Privacy Consortium (SDPC), which is a collaborative of schools, districts, regional, territories and state agencies, policy makers, trade organizations and marketplace providers addressing real-world, adaptable, and implementable solutions to growing data privacy concerns. If you would like to read more about the SDPC, click here. Through the SDPC we enter into contracts with 3rd party vendors who handle our student’s data. If you would like to view the DPAs that USD116 current holds, please click the following link.

USD116 Data Privacy Agreements

In the event there is a data breach, Urbana School District 116 is required to notify parents via the District’s communication system (Skylert) within 30 days of the breach and within 60 days if a third-party is responsible for the data breach. 

Parents/guardians have the right to inspect, review, and correct information maintained by the school, operator, and the Illinois State Board of Education. All requests should be directed to the Data Privacy Officer by emailing soppa@usd116.org.

Additionally, the data that is shared with each individual operator is defined in Exhibit B of the respective Data Privacy Agreement found in the SDPC listing

USD116 maintains enterprise firewalls and network equipment and is continually working to implement upgrades and to ensure network security and student safety.

USD116 maintains reliable data backups to ensure data continuity in the event of a failure.

USD116 deploys endpoint protection systems (antivirus) to appropriate District devices.

USD116 utilizes dual content filtering systems for all District devices for internet safety of our students and staff.

USD116 is continuing to implement the LTC Reasonable Security Practices .

The USD116 Technology Committee meets regularly to determine ongoing technology and security needs for the District.

USD116 leverages the Student Data Privacy Consortium (SDPC) Digital Resource Request Form to maintain and manage a list of current operator agreements.  This list is available to staff and is communicated on an annual basis.  Staff can also request new software and applications through the management tool that is available through the IT department.

SDPC Digital Resource Agreement Listing

4:12 Acceptable Use of District Computer Network by Employees 
6:235 Access to Electronic Networks
7:345 Use of Educational Technologies; Student Data Privacy and Security 

Family Educational Rights and Privacy Act (FERPA)

FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
 
 

Children’s Online Privacy Protection Act (COPPA)

The primary goal of COPPA is to place parents in control over what information is collected from their young children online. COPPA was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. 
 

Children’s Internet Protection Act (CIPA)

CIPA was enacted by Congress in 2000 to address concerns about children’s access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program
 

Protection of Pupil Rights Amendment (PPRA)

PPRA is intended to protect the rights of parents and students in two ways:

It seeks to ensure that schools and contractors make instructional materials available for inspection by parents if those materials will be used in connection with an ED-funded survey, analysis, or evaluation in which their children participate

It seeks to ensure that schools and contractors obtain written parental consent before minor students are required to participate in any ED-funded survey, analysis, or evaluation that reveals certain information.

PPRA applies to programs that receive funding from the U.S. Department of Education.

Threat Assessment Fair Notice

A Threat Risk Assessment will be initiated for behaviors including, but not limited to: serious violence or violence with intent to harm or kill, verbal/written threats to harm or kill others, online threats to harm or kill others, possession of weapons (including replicas), bomb threats (making and/or detonating explosive devices), fire setting, sexual intimidation or assault and gang related intimidation and violence.

Collection Notice
Schools and School Districts are subject to personal information privacy laws and will undertake the
collection of this information in compliance with the requirements of such laws. This will include limiting
the collection to information that is relevant and necessary to address a risk or threat and by ensuring
that information collected from an online source is only obtained from open-source sites. Schools and
School Districts will not collect information as part of a threat assessment unless there is reason to
believe that a risk exists. Information collected as part of a threat assessment may be provided to police
agencies in appropriate circumstances. Information collected will be retained and handled within current
records management procedure and guidelines

Translate-Traducir-Traduire
Skip to content