Below is a high-level overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:
1. Annually post a list of all operators of online services or applications utilized by the district.
2. Annually post all data elements that the school collects, maintains, or discloses to any entity. This information must also explain how the school uses the data, and to whom and why it discloses the data.
3. Post contracts for each operator within 10 days of signing.
4. Annually post subcontractors for each operator.
5. Post the process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE.
6. Post data breaches within 10 days and notify parents within 30 days.
7. Create a policy for who can sign contracts with operators.
8. Designate a privacy officer to ensure compliance.
9. Maintain reasonable security procedures and practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.
Vendors, Written Agreements, and Personally Identifiable Information (PII)
Cairo School District #1 is a proud member of the Illinois Student Privacy Alliance, which is a collaboration of Illinois school districts that share common concerns around student privacy. Cairo School District #1's list of vendors which utilize student information, written privacy agreements with those vendors, and the types of student information utilized by these vendors, can be found at Cairo School District #1's entry with the Student Data Privacy Consortium.
Parent and Student Rights:
- A student's covered information shall be collected only for K through 12 school purposes and not further processed in a manner that is incompatible with those purposes.
- A student's covered information shall only be adequate, relevant, and limited to what is necessary in relation to the K through 12 school purposes for which it is processed.
- Except for a parent of a student enrolled in a nonpublic school, the parent of a student enrolled in a school has the right to all of the following:
(1) Inspect and review the student's covered information, regardless of whether it is maintained by the school, the State Board, or an operator.
(2) Request from a school a paper or electronic copy of the student's covered information, including covered information maintained by an operator or the State Board. If a parent requests an electronic copy of the student's covered information under this paragraph, the school must provide an electronic copy of that information, unless the school does not maintain the information in an electronic format and reproducing the information in an electronic format would be unduly burdensome to the school. If a parent requests a paper copy of the student's covered information, the school may charge the parent the reasonable cost for copying the information in an amount not to exceed the amount fixed in a schedule adopted by the State Board, except that no parent may be denied a copy of the information due to the parent's inability to bear the cost of the copying. The State Board must adopt rules on the methodology and frequency of requests under this paragraph.
(3) Request corrections of factual inaccuracies contained in the student's covered information. After receiving a request for corrections and determining that a factual inaccuracy exists, a school must do either of the following:
(A) If the school maintains or possesses the covered information that contains the factual inaccuracy, correct the factual inaccuracy and confirm the correction with the parent within 90 calendar days after receiving the parent's request.
(B) If the operator or State Board maintains or possesses the covered information that contains the factual inaccuracy, notify the operator or the State Board of the correction. The operator or the State Board must correct the factual inaccuracy and confirm the correction with the school within 90 calendar days after receiving the notice. Within 10 business days after receiving confirmation of the correction from the operator or State Board, the school must confirm the correction with the parent.
- Nothing in this Section shall be construed to limit the rights granted to parents and students under the Illinois School Student Records Act or the federal Family Educational Rights and Privacy Act of 1974.