Illinois Governor J.B. Pritzker signed the Student Online Personal Protection Act of 2019 on August 23, a measure giving parents additional control over online information schools collect from kids and how this data is used. The new law amends the original Illinois Student Online Personal Protection Act (SOPPA).
The amount of personal data collected of students is surprisingly large. Up until now, the way it’s used by schools and third parties is also unregulated.
“Everything from their purchases in the cafeteria to their homework assignments to their standardized test scores,” Cassie Creswell of Illinois Families for Public Schools told WBBM Newsradio. “Sensitive information about their behavior and health.”

SOPPA now requires schools to notify parents within 30 days of a data breach and within 60 days if a third-party is responsible for the data leak. The change comes after publisher Pearson suffered a major data breach, affecting hundreds of thousands of students across the country. For Illinois’ Naperville District alone, this impacted 53,000 students and 3,100 educators.
New provisions clarify parents’ right to inspect, correct, and delete their kid’s data regardless of who holds the data. Schools can only collect data that directly relates to school activities and are unable to use it for other purposes.
If schools are sharing kids’ data with third parties, they must now have a written agreement meeting certain criteria. The agreements will be publically available along with the specific data being pulled for sharing.
“Educational records aren’t just in a locked file cabinet in the school office anymore,” Catherine Francis, Illinois Families for Public Schools’ board member told WBBM.
The need to protect student’s data privacy in the digital age is rising and the changes reflect it. As for this new measure in Illinois, it’s due to be enacted July 1, 2021.
Student Data Privacy Sources
WBBM Newsradio
Illinois Families for Public Schools
Fast Company
Illinois General Assembly