STUDENT ONLINE PERSONAL PROTECTION ACT (SOPPA)
We are committed to protecting the information security of Noble students in accordance with the Student Online Personal Protection Act.
WHAT IS SOPPA?
SOPPA is a state law that governs and protects the privacy and security of student data when it is shared with and collected by educational technology companies. SOPPA regulates these companies who provide web-based sites, services, online and mobile applications that are used primarily for K to 12 purposes.
Currently, SOPPA provides various prohibitions and responsibilities on these companies. The law has important provisions which prevent companies from engaging in targeted advertising to students, amassing a profile on students, selling or renting student information, or using student information except in limited ways. Additionally, companies must meet certain security requirements when storing student data, delete student data when requested by the district, and maintain a public privacy policy.
SOPPA also places responsibilities on school districts like Noble, including requiring data sharing agreements with many of these companies. SOPPA also gives parents/guardians certain rights when it comes to their children’s data.
WHAT DOES IT MEAN FOR YOU?
If you are a parent or guardian, you will have greater control over your child’s personal information. In many cases, SOPPA gives parents the right to inspect, correct, and delete their child’s data, regardless of whether it is held by a school or a third-party EdTech vendor. Illinois schools will also be required to post on their website the types of student data they share with EdTech vendors and provide a notice about the EdTech vendors with whom they work.
If you are a teacher you will need to inform parents of the EdTech products you have chosen for your classroom and ask for parental consent when appropriate. If you are the principal, you will need to ensure the EdTech vendors chosen by staff are part of our approved vendors and have signed contracts with us.
Ensuring our students’ safety is critically important to Noble, and establishing protocols compliant with this legislation will enable us to do so consistently.
HOW DOES NOBLE COMPLY WITH SOPPA?
SOPPA requires that all companies with which Noble shares covered information sign a data sharing agreement that outlines what data is being shared, the purpose of collecting the data and how the data will be used and protected. To view a list of all operators of online services or applications utilized by Noble, please visit the Noble Data Online Resources.
Noble has also adopted a SOPPA policy that governs our implementation of SOPPA and identifies who at the district can enter into data sharing agreements with vendors.
Finally, Noble always uses robust security measures to protect the student data in its care.
HOW CAN PARENTS/GUARDIANS VIEW AND CORRECT STUDENT DATA?
Parents/guardians may request to inspect and review their student’s covered information. Requests for reviewing records must be made in writing and include the date of the request, the parent/guardian’s name, address, phone number, student’s name, and the name of the school from which the request is being made. Noble has forms available. Parents/guardians will be required to provide proof of identity and relationship to the student before access to the covered information is granted. If the covered information you request includes your child’s school student records, Noble will permit you to inspect and review any school student records of your child in accordance with Noble’s procedures for student records requests.
Noble shall provide an electronic copy of the records within 45 days of receiving a request for the covered information. If a parent/guardian requests a paper copy, Noble will charge .35 cents per page. No parent/guardian will be denied a paper copy due to an inability to pay. A parent/guardian may make a request to review and receive copies of covered information no more than two requests per student per quarter.
Parents/guardians may request corrections of factual inaccuracies contained in their student’s covered information. If the covered information you are requesting to be corrected includes your child’s school student records, Noble will follow its procedures for amendment of student records with respect to those school student records. Noble will review the request, determine if an inaccuracy exists, and if so, will make any necessary corrections within 90 days of the request. If the correction needs to be made by the Illinois State Board of Education or a District’s vendor, any necessary corrections will also be made within 90 days of the request and Noble will notify the parent/guardian of any necessary corrections within 10 days after receiving confirmation of the corrections.
If a parent/guardian requests the deletion of any covered information, Noble will review the request to determine whether such a deletion would violate the law or result in the student being unable to participate in Noble’s curriculum.
WHAT HAPPENS IF DATA IS BREACHED?
In the unlikely situation that a vendor experiences a potential data breach, Noble will be notified. After receiving notice of a potential breach, we will evaluate the report and if confirmed, provide notifications to parents/guardians. Information on any breach that impacts more than 10% of our students will be publicly displayed.
Noble will also notify parents/guardians and post information in the event Noble’s data systems are breached.
Note: A notice of breach may be delayed if a law enforcement agency determines that the notification will interfere with a criminal investigation.
To view notifications and information about breaches of student data in accordance with the Student Online Personal Protection Act please go to our Noble Breach Notification Page.
WHAT’S NEXT?
If you have any questions or would like more information on SOPPA, please contact Noble’s SOPPA Privacy Officer.