Orgs call on CPS to revise SOPPA policy

Illinois Families for Public Schools, along with the Computer Science Teachers Association - Chicago ChapterCS4ILChicago Teachers Union, and the editorial boards of two student newspapers, the Lane Tech Champion and the Jones Blueprint, sent the Chicago Board of Education and CPS CEO Pedro Martinez a letter today calling on Chicago Public Schools to revise their policy for the Student Online Personal Protection Act and join a statewide consortium in order to make educational software in use around the state available to CPS students. The letter states: "Providing access to technology and protecting student data are not inherently in opposition, and we firmly believe that school districts can do both well." Full letter text below.

A copy of the letter was also provided to members of the IL General Assembly---the two chief sponsors of the Student Online Personal Protection Act amendment passed in 2019, Senators Martwick and Aquino, and the chairs of the Senate Judiciary Committee and the House Cybersecurity Committee, Senator Crowe and Representative Robinson, respectively.

Earlier this school year there was extensive media coverage of CPS botching the rollout of its compliance with the amended SOPPA, the student data privacy law IL-FPS helped initiate in 2019. The changes to the law went into effect on July 1, 2021.

Chicago Sun-Times CPS teachers ‘blindsided’ after access to popular classroom software yanked due to new student privacy law

Axios Chicago CPS policy blocks access to computer software

WBBM Radio CPS blocks access to software to protect student privacy

WGN Radio Outside the Loop #790: Student online privacy and CPS (minute mark 4:20)

Unfortunately, CPS misinterpreted the law in a variety of ways, banned schools from using certain software that SOPPA shouldn't apply to, and declined to join a statewide data privacy consortium that was created to assist with the implementation of SOPPA that 800 other districts in IL chose to join.

In addition, as reported last week in the technology watchdog The Markup, CPS is also not in compliance with SOPPA with respect to reporting requirements of SOPPA for educational software Naviance and Powerschool:

"Illinois, for example, has a state law that requires school districts to post specific information about the ed tech vendors they use, including all written agreements with vendors and lists of the data elements shared with those vendors. Despite that, districts like Chicago Public Schools have yet to post any of the required material pertaining to PowerSchool and Naviance."

Both of these apps collect extensive amounts of sensitive data; according to a records request response to The Markup from Illinois' second largest school district Elgin U-46, Powerschool has a data library with more than 7000 data fields on U-46 staff and students. And, as also reported in The Markup, Naviance uses the data it collects for targeted advertising, which is prohibited under SOPPA.


19 January 2022

To the Chicago Board of Education and CEO Martinez, (cc: Sen Martwick, Sen Aquino, Sen Crowe and Rep Robinson):

We are writing to express our deep concerns about the Chicago Public Schools’ policies and process for bringing the district into compliance with the 2019 amendment of the Student Online Personal Protection Act (SOPPA).

This law made far-reaching changes to strengthen the protection of students’ personal information, in particular by ensuring that schools only share covered information with operators under the protections of a written agreement that complies with SOPPA.

The law was not intended to prevent the use of digital technology that has become deeply integrated into educational environments. It was to ensure that any uses are done in such a way that keeps student data secure and private and provides parents with transparency and control over shared information. These goals are not incompatible with schools making use of tech. 

With nearly two full years since the passage of the law to prepare for the July 1, 2021 effective date, hundreds of districts and schools in Illinois have now entered into thousands of contracts with operators for the use of software that is SOPPA compliant. The majority of Illinois districts have done this through the Illinois Student Privacy Alliance (ISPA), part of the national Student Data Privacy Consortium, which provides districts and schools resources for free for protecting student data, including access to SOPPA-compliant contracts.

Unfortunately, CPS did not join ISPA and has had a much more difficult time successfully negotiating SOPPA-complaint contracts, in part because operators must undergo the full CPS vendor approval process even if they provide software at no cost. 

Teachers at all grade levels all across the district this fall have been left with the unfortunate choice between either (1) violating CPS policy and state law by utilizing software that CPS has not yet approved or (2) radically redoing curricula and lesson plans to either remove technology altogether or use a substandard alternative that does not have the same functionality. This has had a particularly negative impact on computer science education which makes extensive use of free software resources provided by national non-profits (e.g. MIT’s Scratch, Berkeley’s Snap, the non-profit Code.org). In student newsrooms throughout the city, student journalists and their advisors are faced with a similar conundrum because the basic software to publish their papers is no longer available although the language of SOPPA is clear that its provisions simply do not apply to general audience software, i.e. software not designed and marketed solely for K-12 uses.

Meanwhile, some software applications provided by operators receiving the largest amount of the most sensitive data about CPS students are not yet approved or, if approved, appear in the district software catalog with no information about what data elements operators are receiving, including Google Apps for Education, PowerSchool’s Naviance and Liminex’s GoGuardian. The district’s comprehensive student information system, Follet’s Aspen, is not just listed as incomplete, it does not appear in the software catalog at all. 

It is difficult to take the district’s claims that the restrictions on software usage for classroom teachers and students are for the benefit of protecting student data when the district is not yet in compliance for these apps with some of the most extensive quantity of collected data not included. 

In light of these difficulties, we urge the district to take the following steps to remedy the situation:

  1. Rectify the district’s interpretation of the law as applying to general audience software. SOPPA itself does not constrain the use of general audience software in K-12 schools, and, thus, any new restrictions since July 1, 2021 with respect to access to general audience software should be clearly justified with reference to state or federal statute or CPS policy aside from SOPPA, or they should be revoked.
  2. Join the Illinois Student Privacy Alliance and make use of the contracts for any operator that does not yet have an existing contract with the district but does have a contract with other Illinois school districts. Joining the consortium does not void existing contracts that the district has with operators and ISPA contracts can be modified. There is no downside to utilizing ISPA resources.
  3. Revise the district policy, guidelines and operator approval process to incorporate item (2) and decouple the vendor approval process from SOPPA compliance for operators who are not vendors.
  4. Ensure that all online sites, services, apps and software that the district is using that share student-covered information are in compliance with SOPPA, in particular Aspen, Google, Naviance and GoGuardian. The actual contract with the operator should be posted publicly on the district website and should contain a list of data elements that are shared. Links to generic terms of service and privacy policies are not a substitute. 

Please rectify these issues so that the students of CPS have the same access to software and curricula that the vast majority of the rest of students in the state have. Given that CPS is the state’s largest school district and serves a large percentage of Illinois’ students of color and poor and low-income students, lack of access to widely-used educational software resources presents a significant issue of educational inequity. In addition, it is a serious impingement on the civil liberties of the student population of CPS to restrict their ability to publish and distribute student newspapers electronically.

Providing access to technology and protecting student data are not inherently in opposition, and we firmly believe that school districts can do both well.

We hope you take the above steps to remedy this as quickly as possible. 

 

Signed,

Illinois Families for Public Schools

Computer Science Teachers Association - Chicago Chapter

CS4IL

Chicago Teachers Union

Editorial board, Lane Tech Champion

Editorial board, Jones Blueprint

 

connect