Illinois Governor J.B. Pritzker signed the Student Online Personal Protection Act of 2019, a measure that gives parents more control over online information schools collect from students and how their data is used.
The new law amends the original Illinois Student Online Personal Protection Act (SOPPA). SOPPA now requires schools to notify parents within 30 days of a data breach and within 60 days if a third-party is responsible for the data breach. The change is inspired by the data breach that publisher Pearson suffered, which affected thousands of students in many states.
New provisions enables parents to approve and delete their child's data. Additionally, if schools are sharing student data with third parties, they must now have a written agreement that has to be publicly available along with the data being shared.
Personally identifiable information subject to be approve by parents include student's educational record or electronic mail, first and last name, home address, telephone number, electronic mail address or other information that allows physical or online contact, discipline records, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, a social security number, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious information, text messages, documents, student identifiers, search activity, photos, voice recordings, or geolocation information.