Student Data Privacy
Huntley 158 takes information security seriously and follows best practices in establishing and managing system and network access security. To maintain confidentiality and integrity of District information and data (including student data), District 158 has implemented targeted, role-based, internal security processes and procedures that include:
- Systems that control where key information is stored
- Security practices and internal controls that restrict who has rights to view, add/delete, or edit information
- Controlled access to District data centers and key networking equipment
Huntley 158 takes the privacy of our student’s data seriously and is compliant with the following data privacy laws:
Children’s Internet Protection Act (CIPA): Imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses.
Children’s Online Privacy Protection Act (COPPA): Restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information
Family Educational Rights and Privacy Act (FERPA): Governs information in a student’s educational record, restricting access and use of student information
Health Information Privacy Act (HIPAA): To protect the privacy of protected health information and set limits and conditions on the uses and disclosures that may be made of such information without an individual's authorization
Student Online Personal Protection Act (SOPPA): Guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only
Huntley 158 also leverages the Student Data Privacy Consortium (SDPC) to address data privacy concerns and help us partner effectively with third party vendors. As part of SOPPA, these companies must enter into Data Privacy Agreements with the school districts they work with. The agreements outline what data is stored, how it is protected, what the company can and cannot do with that data, as well as what they will do in the event of a data breach. To view the Data Privacy Agreements for Huntley 158, click this link: Huntley 158 Data Privacy Agreements
Where is student data held and where does it go?
The primary repository of student data is our Student Information System, PowerSchool. PowerSchool maintains student demographics, household contact information, enrollments, attendance, grades, schedules, transcripts, discipline, bus, lockers, health, IEP, and LEP information. The District does not retain Social Security Numbers within any system.
In addition to the PowerSchool system, the District also maintains multiple supporting systems that assist in running daily operations. Based on need, some student data is routinely transferred between these applications through a variety of secure and encrypted system integration processes.
Physical access to the data centers and the servers that house this data are limited to a small group of network and application administrators in the IT Department. These data centers are also secured with fire protection and power backup capabilities. We also take routine backups of key systems and data which are securely stored and protected.
With the evolution of cloud-based solutions, the District also subscribes to some externally hosted applications which are integrated with our student information system through encrypted data communications. Data transferred includes basic student information, such as names and schedules, so students can log into applications and access curricular materials configured by the District.
Additionally, the District provides testing agencies, such as ACT, Illinois Assessment of Readiness (IAR), NWEA, etc., with basic student identification as part of the testing and scoring process. The District reports all required data to the Illinois State Board of Education (ISBE) and other government agencies.
Google Apps for Education
The District provides all students with a Google Apps for Education Account. This account allows them to collaborate and share documents with their teacher and fellow students and is an essential component of the classroom. We share limited information with Google solely for account creation purposes. This data, and any data created as a function for using a Google Apps for Education account, belongs to District 158. This type of account is different than having a personal gmail account. Google does not scan student content or email for advertising purposes as they do with regular consumer accounts.
You can review the Google Apps for Education Privacy Statement at:
http://www.google.com/edu/privacy.html
Resources
Data Privacy Laws
Student Online Personal Protection Act (SOPPA): Guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only.
Children’s Online Privacy Protection Act (COPPA): Restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information from individuals known to be children.
Children’s Internet Protection Act (CIPA): Imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses.
Family Educational Rights and Privacy Act (FERPA): Governs information in a student’s educations record, restricting access and use of student information
Data Privacy Videos
Student Online Personal protection Act (SOPPA)
Children’s Online Privacy Protection Act (COPPA)
Children’s Internet Protection Act (CIPA)
Family Educational Rights and Privacy Act (FERPA)
Additional Resources
Student Data Privacy Laws (2 pages)
SOPPA Details (1 Page)