Letter to ISBE on proposed rule for SOPPA

The changes to the Student Online Personal Protection Act passed as PA 101-0516 will go into effect on July 1, 2021. The IL State Board of Education released their draft regulations to implement the law for initial review for December's ISBE meeting. We sent a letter with our feedback on the rule to the Board yesterday.

Illinois Families for Public Schools
332 S Michigan Ave
Lower Level Suite i252
Chicago IL 60604

December 16, 2020

Illinois State Board of Education
100 N First St
Dear Board members:

I am writing with respect to today’s board meeting agenda item 7(b), the rules for the new part of the Administrative Code written for the amendments to the Student Online Personal Protection Act (SOPPA). 

Our organization led the push for the passage of this initiative, PA 101-0516. The original version of SOPPA was negotiated without parents at the table, and, in fact, had no mention of the word parent. A primary goal of this law is to bring clarity to the rights that families have under the Illinois School Student Record Act (ISSRA) and the federal Family Educational Rights and Privacy Act (FERPA). Student privacy has strong protections under those laws, especially ISSRA, but they were written in an era when student information was stored in school file cabinets not server farms.  The changes to SOPPA were intended to give parents more control over and transparency about the digital data collected on their children in public schools, no matter whether it is held by the school, the State Board or a third-party operator. Please see the attached handout for a summary of the provisions of the final version of HB3606, passed as PA 101-0156.

With respect to the draft rule Part 380 on the agenda today, we are concerned that Section 380.20(d) would restrict parent requests made under this part to only once per fiscal quarter. We understand that education agencies are apprehensive that this new law will unleash a flood of inquiries on the part of parents. However, ISSRA, which has a very robust right for parents to inspect, receive copies and request corrections of their child’s education records has been on the books for 45 years, with no such restriction, and schools have been able to cope with the volume of requests under that law—and for much of that era, generating a response was not the result of a records officer sitting at a keyboard, but painstakingly making physical copies of paper files. Moreover, SOPPA Sec 30.9 makes it clear that nothing in SOPPA shall supersede FERPA or ISSRA. Federal guidance issued by the US Department of Education in 2015  says that schools are responsible for providing parents access to students’ records under FERPA whether they are held by the school or an operator. Section 380.20(d) would restrict requests under SOPPA, but not requests under ISSRA or FERPA. 

We urge the board to remove this rule from any final version of Part 380. Its inclusion in the part will confuse families and schools. 

Schools concerned about the volume of requests should make an effort to limit unnecessary data collection in the first place, and they should make an effort to achieve transparency about data collection on the front end by making it very easy for families to know what operators are getting what data so that parents do not need to make blanket requests in order to understand what is being collected and shared about their children.  


Cassie Creswell, director

Illinois Families for Public Schools