Illinois schools must comply with the Student Online Personal Protection Act by July 1, 2021. While many schools may not have been aware of this deadline or have been pushing compliance down the road, the coronavirus pandemic has put SOPPA compliance in a new light. Illinois schools are quickly realizing that their contractual relationships with educational technology companies and the use of student data are issues that must be addressed immediately. Therefore, this coming summer provides schools a unique opportunity to both get in compliance with SOPPA early and prepare for an uncertain fall semester.

  • The Second Half Of The 2019-2020 School Year Caught Many School Districts By Surprise

On April 20, 2020, the Chicago Tribune published an article titled “Illinois districts were urged to prepare e-learning plans for students in case of emergency. Most didn’t do it.”  This article reports that many Illinois school districts were, understandably, caught off guard by the coronavirus quarantine in the second half of the 2019-2020 school district. While preparing for remote learning was a pressing issue prior to the quarantine, many schools, for a variety of reasons were unprepared when remote learning became a necessity:

Long before the coronavirus pandemic shut down Illinois schools, state education officials encouraged school districts to prepare to teach remotely. But most of the state’s 852 school districts didn’t have e-learning plans in place when schools closed in mid-March, a ProPublica Illinois-Chicago Tribune analysis has found.

In describing the weeks since remote learning has become a way of life, many school districts have struggled with various online applications, learning tools and getting students adjusted to their new classrooms:

Many of those districts have found themselves scrambling to figure out how best to teach students when they can’t be face to face. They have had to search for the best online platforms — Google Meet or Zoom or Flipgrid or Seesaw? — and try to determine how many students lacked internet service while districts that had already established the logistics have been able to pivot more easily into actual instruction.

Over the last couple of weeks, many school districts, their teachers and their students have needed to learn how to use remote learning tools after remote learning had started. Of course, while e-learning tools have made remote learning possible while people have been ordered to stay at home, these ed-tech applications also provide Google and a number of other tech companies with unlimited access to sensitive student data.

While schools have made significant progress shifting to remote learning, schools will need to take a closer look at how student data was protected during the coronavirus pandemic and what steps need to be taken this summer to shore up security. The legislative intent behind SOPPA fits the current situation perfectly:

Schools today are increasingly using a wide range of beneficial online services and other technologies to help students learn, but concerns have been raised about whether sufficient safeguards exist to protect the privacy and security of data about students when it is collected by educational technology companies. This Act is intended to ensure that student data will be protected when it is collected by educational technology companies and that data may be used for beneficial purposes such as providing personalized learning and innovative educational technologies. 

Indeed, SOPPA may provide the best guidelines for schools to take a closer look at protecting student data and relationships with ed-tech companies during and after the quarantine.

  • Schools Should Begin Planning For E-Learning In The Fall of 2020

The central point of the Chicago Tribune’s April 20th article is that many schools and students were unprepared when they shifted to remote learning. There is further evidence that schools may be in the same position next fall if they don’t immediately take steps to prepare for a remote learning environment. Many colleges are already looking at how the coronavirus pandemic may impact the 2020-2021 school year. For example, “…the University of Arizona said it remains hopeful the fall semester would include a return to campus:

“We are cautiously optimistic that the fall semester will be able to launch with the normal face-to-face campus experience, but of course we will prioritize the health and well-being of our community in making that decision…”

And, colleges and universities are not the only schools struggling to figure out what this fall may look like for students. For example, the Washington State Superintendent of Schools, Chris Reykdal, has acknowledged that “[s]hort of a vaccine, which people continue to tell us is 12-18 months away, we have to figure out if it’s safe to come back even in the fall.” Similarly, the spokesperson for schools in Fort Wayne, Indiana commented: “[t]his could just keep going on, and we may not start in the fall.”

Given this uncertainty, schools may face a limited opportunity this summer to prepare for remote learning and be ready to address the uncertainties this fall. And, in deciding how to prepare for an uncertain fall semester, Illinois schools should start with SOPPA.

In general, SOPPA governs the relationship between schools, students/parents and “Operators.”  SOPPA defines “Operators” as “the operator of an Internet website, online service, online application, or mobile application with actual knowledge that the site, service, or application with actual knowledge that the site, service, or application is used primarily for K through 12 school purposes and was designed and marketed for K through 12 school purposes.” In short, moving toward SOPPA compliance will force schools to take a look at their contracts with ed-tech companies and closely analyze how student data is transferred to third parties. This focus on educational technology companies makes SOPPA requirements the perfect place for schools to start this summer to prepare for next fall.  Further, schools will get a jump start for the July 1, 2021, mandatory deadline to comply with SOPPA.

Learn more at, or contact Tressler attorney Todd Rowe at

The post This Summer Provides A Unique Opportunity For Student Data Privacy appeared first on Privacy Risk Report.