Student Data Privacy & Security
Leyden High School District 212 is committed to legally and ethically protecting our students' data. We comply with all security and privacy laws when using student information internally and when sharing it with our third-party partners.
The Superintendent has authorized the Director of Technology to act as the District's Data Privacy Officer to establish, implement, and maintain data and information security measures. These policies, standards, guidelines, processes, and procedures apply to all students and employees of the district, contractual third parties and agents of the district, and volunteers who have access to district data systems or data.
District 212 uses many of the resources provided by the following:
- Learning Technology Center (LTC) of Illinois
A statewide program that supports all publick K-12 districts, schools, and educators.
- Student Data Privacy Consortium (SDPC)
An unique collaborative of schools, districts, regional, territories and state agencies, policy makers, trade organizations and marketplace providers addressing real-world, adaptable, and implementable solutions to growing data privacy concerns.
- Illinois Student Privacy Alliance (ISPA)
A free consortium that allows school districts to access management tools and resources for data privacy agreements.
Important Data Privacy Laws
Important District 212 Board of Education Policies
Student Online Personal Protection Act (SOPPA)
From Section 3 of the Student Online Personal Protection Act (SOPPA):
"Legislative intent. Schools today are increasingly using a wide range of beneficial online services and other technologies to help students learn, but concerns have been raised about whether sufficient safeguards exist to protect the privacy and security of data about students when it is collected by educational technology companies. This Act is intended to ensure that student data will be protected when it is collected by educational technology companies and that the data may be used for beneficial purposes such as providing personalized learning and innovative educational technologies."
SOPPA provides various prohibitions and responsibilities on the educational technology companies/vendors, referred to in the law as "operators." Some of these prohibitions and responsibilities include the following:
- The law prohibits operators from engaging in targeted advertising to students, amassing a profile on students, selling or renting student information, or using student information except in limited ways.
SOPPA also places responsibilities on school districts, including requiring data sharing agreements with many of these operators. SOPPA also gives parents certain rights when it comes to their children’s data.
SOPPA Introduction Video by the LTC
Outside Applications Used by District 212
- District 212 requires all educational technology companies (operators) with which covered student information is shared, to sign a Data Privacy Agreement (DPA).
- Data Privacy Agreements outline what data is potentially shared, the purpose for collecting the data, what subcontractors they use, how they protect the data, what they will do in the event of a data breach, and additional information.
- District 212 utilizes the tools made available through the Student Data Privacy Consortium (SDPC) and Illinois Student Privacy Alliance (ISPA) to enter into and manage all Data Privacy Agreements.
List of currently exectuted Data Privacy Agreements
Procedures for Parents Allowed Under SOPPA
A parent may make no more than two requests per student per state fiscal quarter to inspect, correct, or delete their student's covered information no more than twice per year, once each semester. Requests must be submitted through the form below and parents will only be granted access to their student's covered information after they have provided proof of identity and relationship to the student. District 212 will make its best effort to respond to all requests withing 45 days of a submission and provide results to the parents electronically.
Data Breach Notification Process
In the unlikely situation that an operator experiences a potential data breach, they must notify District 212 as soon as possible. After receiving notice of a potential breach, we will evaluate their report and, if confirmed, provide notifications to parents. Information on past breaches will be publicly displayed below and contain the following information.
- Date or estimated date/range of the breach
- Description of covered information breached
- The number of students unless disclosure would violate the Personal Information Protection Act
- Contact information of the operator for questions
- Toll-free numbers, addresses, and websites of consumer reporting agencies and the FTC
The District will also notify parents and post information in the event the District’s data systems are breached.
Note: A notice of breach may be delayed if a law enforcement agency determines that the notification will interfere with a criminal investigation. If a breach impacts less than 10% of the student enrollment, by law it does not need to be disclosed in the manner described above.
Current Data Breaches (last updated on 8/6/2021)
There are no known data breaches at this time impacting District 212 covered information.