Use of Educational Technologies; Student Data Privacy and Security
Educational technologies used in the System shall further the objectives of the System’s educational program, as set forth in Board policy 6:10, Educational Philosophy and Objectives, align with the curriculum criteria in policy 6:40, Curriculum Development, and/or support efficient System operations. The Director shall ensure that the use of educational technologies in the System meets the above criteria.
The System and/or vendors under its control may need to collect and maintain data that personally identifies students in order to use certain educational technologies for the benefit of student learning or System operations.
Federal and State law govern the protection of student data, including school student records and/or covered information. The sale, rental, lease, or trading of any school student records or covered information by the System is prohibited. Protecting such information is important for legal compliance, System operations, and maintaining the trust of System stakeholders, including parents, students and staff. The Board designates the Assistant Principal for Student Services to serve as Privacy Officer, who shall ensure the District complies with the duties and responsibilities required of it under the Student Online Personal Protection Act, 105 ILCS 85/, amended by P.A. 101-516, eff. 7-1-21.
Covered information means personally identifiable information (PII) or information linked to PII in any media or format that is not publicly available and is any of the following: (1) created by or provided to an operator by a student or the student’s parent/guardian in the course of the student’s or parent/guardian’s use of the operator’s site, service or application; (2) created by or provided to an operator by an employee or agent of the System; or (3) gathered by an operator through the operation of its site, service, or application.
Operators are entities (such as educational technology vendors) that operate Internet websites, online services, online applications, or mobile applications that are designed, marketed, and primarily used for K-12 school purposes.
Breach means the unauthorized acquisition of computerized data that compromises the security, confidentiality or integrity of covered information maintained by an operator or the System.
The Director or designee designates which System employees are authorized to enter into written agreements with operators for those contracts that do not require separate Board approval. Contracts between the Board and operators shall be entered into in accordance with State law and Board policy 4:60, Purchases and Contracts, and shall include any specific provisions required by State law.
The Director or designee shall ensure the System implements and maintains reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure. In the event the System receives notice from an operator of a breach or has determined a breach has occurred, the Director or designee shall also ensure that the System provides any breach notifications required by State law.
20 U.S.C. §1232g, Family and Educational Rights and Privacy Act, implemented by 34 C.F.R. Part 99.
105 ILCS 10/, Ill. School Student Records Act.
105 ILCS 85/, Student Online Personal Protection Act.
CROSS REF.: 4:15 (Identity Protection), 4:60 (Purchases and Contracts), 6:235 (Access to Electronic Networks), 7:340 (Student Records)
ADOPTED: November 19, 2020