A number of D205's Board policies may apply to the collection, use, and disclosure of student data. Please note that this Section summarizes the Board policies for a point of reference and does not provide the entire content of these policies.

• Policy 6:40, Curriculum Development

• Policy 6:60, Curriculum Content

• Policy 6:235, Access to Electronic Network

• Policy 7:15, Student and Family Privacy Rights

• Policy 7:140, Search and Seizure

• Policy 7:310, Restrictions on Publications: Elementary Schools

• Policy 7:315, Restrictions on Publications: High Schools

• Policy 7:340, Student Records

• Policy 7:345, Use of Educational Technologies; Student Data Privacy and Security

One exception to parent consent is that D205 may release student records/information to District employees or school officials who have a current, demonstrable educational or administrative interest in the student, in furtherance of such interest. A “current, demonstrable educational or administrative interest” means that the person requires access to the student record information to perform his or her required services or functions for the District. A “school official” is defined, in part, as a contractor, consultant, or other party to whom the District has outsourced institutional services or functions, provided that the outside party: (1) performs an institutional service or function for which the District would otherwise use employees; (2) is under the direct control of the District with respect to the use and maintenance of student record information; and (3) is subject to the confidentiality requirements for the use and redisclosure of individually identifiable information from student records.

This means that “school officials” may be third-party Internet or cloud-based educational service providers used by the District, including but not limited to, the products, software, subscriptions, tools, and mobile applications provided by the service providers/vendors. Some examples of Internet or cloud-based educational services are:

• Cloud storage (e.g., Google Drive, Google Docs,)

• Document sharing and editing applications (e.g., Dochub)

• Differentiated instruction (e.g., Moby Max)

• E-mail services (e.g., Gmail)

• Game-based learning applications (e.g., BrainPop, Kahoot!)

• Learning platforms/management systems (e.g., Edmodo, Khan Academy)

• Library management systems, subscriptions/e-book websites (e.g., Follett Destiny)

• Notification systems (e.g., SchoolMessager )

• Productivity tools (e.g., Google Apps for Education)

In addition, the District will take appropriate measures to address any computer conduct by students or school officials that violates federal or State law, Board policy or school rules. The District’s response to computer misconduct will take into consideration any student privacy implications and will be handled in a manner consistent with the following Board policies:

• Policy 5:125, Personal Technology and Social Media; Usage and Conduct

• Policy 5:130, Responsibilities Concerning Internal Information

• Policy 7:20, Harassment of Students Prohibited

• Policy 7:180, Prevention of and Response to Bullying, Intimidation, and Harassment

• Policy 7:190, Student and Behavior Discipline

• Policy 7:230, Misconduct by Students with Disabilities

• Policy 7:340, Student Records

• Policy 7:345, Use of Educational Technologies; Student Data Privacy and Security

The Children’s Internet Protection Act (CIPA) was enacted to address concerns about children's access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools that receive discounts for Internet access or through the e-rate program, which is a program that makes certain communications services and products more affordable for eligible schools. To be eligible to receive discounts, a school must have an Internet safety policy that includes protection measures to block or filter Internet access to pictures that are obscene, child pornography, or harmful to minors. A school is also required to include in its Internet safety policies that the school will monitor the online activities of children and will educate children about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, and cyber bullying awareness and response. More information is available at www.fcc.gov/consumers/guides/childrens-internet-protection-act. (47 U.S.C. §254(h), (i); 47 C.F.R. §54.520.) 

The Children’s Online Privacy and Protection Act (COPPA) also deals with children’s online privacy. The primary goal of COPPA is to place parents in control over what information is collected from children under age 13. COPPA applies to commercial websites and online services. The term “online service” broadly covers any service available over the Internet (including mobile apps), or that connects to the Internet or a wide-area network. COPPA imposes requirements on: operators of websites and online services directed to children under 13 that collect, use, or disclose personal information from children; operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13; and operators of websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. More information is available at www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy. (15 U.S.C. §§6501-6505; 16 C.F.R. Part 312.) 

The Every Student Succeeds Act (ESSA) provides, in part, that school districts may use federal funds to support efforts to effectively integrate technology into curricula and instruction in numerous ways and to teach staff about the appropriate use of student data. The ESSA supports “digital learning,” which means any instructional practice that effectively uses technology to strengthen a student's learning experience and encompasses a wide spectrum of computer and Internet-based tools and practices. More information is available at www.ed.gov/ESSA. (P.L. 114-95, December 10, 2015, 129 Stat 1802.) 

The Federal Educational Rights and Privacy Act (FERPA) affords parents/guardians important rights concerning their children's school student records and the personally identifiable information in those records. FERPA gives parents/guardians the rights to: (1) inspect and review the student's records maintained by the school; (2) request that a school amend the student’s records; (3) consent in writing to the disclosure of personally identifiable information from the student's records, except under certain permitted situations; and (4) file a complaint with the U.S. Department of Education’s Family Policy Compliance Office regarding an alleged violation under FERPA. More information on FERPA is available at https://studentprivacy.ed.gov/ and https://studentprivacy.ed.gov/sites/default/files/resource_document/file/ferpa-hipaa-guidance.pdf. (20 U.S.C. § 1232g; 34 C.F.R. Part 99.)

The Children's Privacy Protection and Parental Empowerment Act prohibits the sale or purchase of personal information of a child under age 16 without parent/guardian consent, unless a certain exception applies. (325 ILCS 17/1 et seq.)

The Illinois School Student Records Act (ISSRA) is similar to FERPA and also affords parents/guardians rights concerning their children's school student records and the individually identifiable information in those records. Like FERPA, the two primary purposes of the ISSRA is to ensure parent/guardian access to their child’s records and the confidentiality of student records and the information in those records. (105 May 2021 ILCS 10/1 et seq.; 23 Ill Admin. Code Part 375.)

The Local Records Act provides requirements for how local governments, such as school districts, maintain day-to-day recordkeeping and destroy records prepared or received in the course of public business. (50 ILCS 205/1 et seq.; 44 Ill. Admin. Code Part 4500.)

The Illinois Mental Health and Developmental Disabilities Confidentiality Act (MHDDCA) governs the confidentiality of communications and records concerning mental health or developmental disability services provided to a student by school personnel who meet the definition of a “therapist” under the MHDDCA, such as a school psychologist, social worker, or nurse. The MHDDCA affords parents/guardians (and students age 12 or older) with rights to access records and provide written consent prior to disclosure of records or communications, except under specific circumstances. (740 ILCS 110/1 et seq.) 

The Right to Privacy in the School Setting Act provides that schools must give notice to students and parents/guardians about privacy of students’ passwords for their social networking profiles/websites, unless there is specific information about activity on the student’s account that violates a school disciplinary rule or policy. (105 ILCS 75/1 et seq.) 

The Student Online Personal Protection Act (SOPPA) protects the privacy and security of student data when collected by educational technology companies operating online websites, online services, or online/mobile applications. Pursuant to SOPPA, school districts must “implement and maintain reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure". The SOPPA allows data to be used to benefit students, including as a way to provide personalized learning and educational technology. The SOPPA bars the use of student data for targeted advertising and prohibits the sale of student information gathered during the students’ use of educational technology.  The SOPPA requires that school districts entered into data sharing agreements with educational technology vendors with whom the school district shares certain covered information. The SOPPA also requires that school districts publish information about any Data Breach affecting 10% or more of students. (105I ILCS 85/1 et.seq.)

Parents may request to inspect and review their student’s covered information. Requests for reviewing records must be made in writing and include the date of the request, the parent’s name, address, phone number, student’s name, and the name of the school from which the request is being made. The District has Requests for Inspect, Copy or Challenge forms available here. Completed forms should be given to Jenny Reichert, Administrative Assistant for Technology in the Technology Department. Parents will be required to provide proof of identity and relationship to the student before access to the covered information is granted. 

The District shall provide an electronic copy of the records within 45 days of receiving a request for the covered information. If a parent requests a paper copy, the District will charge .35 cents per page. No parent will be denied a paper copy due to an inability to pay. 

A parent may make a request to review and receive copies of covered information no more than two requests per student per quarter. 

Parents may request corrections of factual inaccuracies contained in their student’s covered information. The District will review the request, determine if an inaccuracy exists, and if so, will make any necessary corrections within 90 days of the request. If the correction needs to be made by the Illinois State Board of Education or a District’s vendor, any necessary corrections will also be made within 90 days of the request and the District will notify the parent of any necessary corrections within 10 days after receiving confirmation of the corrections. 

If a parent requests the deletion of any covered information, the District will review the request to determine whether such a deletion would violate the law or result in the student being unable to participate in the District’s curriculum. Parents may also consult the District’s procedures on reviewing and challenging student records if the covered information also constitutes student records.