Student Online Protection Act (SOPPA) SOP

Updated 11/2020

Leg. Brief

Admin Procedures 7:345


  1. Posting Requirements

    Annually post a list of all operators of online services or applications utilized by a district.
  2. Posted Data

    Annually post all data elements that the school district collects, maintains, or discloses to any entity.  This information must also explain how the school uses the data, and to whom and why it discloses the data.
  3. Contracts

    Post contracts for each operator within 10 days of signing.
  4. Subcontractors

    Annually post subcontractors for each operator.
  5. Parent Review Process

    Post the process for how parents can exercise their rights to inspect, review and correct information maintained by the school, operator, or ISBE.

    (Link D 100 Process/Form Here)
  6. Data Breaches

    Post data breaches within 10 days and notify parents within 30 days.

  7. Policy

    Create a policy for who can sign contracts and operators.  

    (Link here once completed).
  8. Privacy Officer

    Designate a privacy officer to ensure compliance.
  9. Security Procedures

    Maintain reasonable security procedures and practices.  Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.