justice scale justice scale justice scale

McKenna Minutes

“The life of the law has not been logic; it has been experience.”

-Oliver Wendell Holmes, Jr.

What School Officials Need to Know about Student Data Privacy in Illinois

What School Officials Need to Know about Student Data Privacy in Illinois

Data breaches have happened, and will continue to happen, to all different types of entities, including private businesses, charities, government offices, and schools. In a recent article for Law.com, Frank Ready examined student data privacy in Illinois following the disclosure of a recent Chicago Public School (CPS) data breach.

Legislators have recognized the need to protect student data and have taken steps to regulate this area to accomplish that goal. Accordingly, there are numerous federal laws governing student data privacy, and more than 100 state laws on the topic. In Illinois, the Student Online Personal Protection Act (SOPPA) is the only school-specific state law regulating how schools handle data privacy/security. Briefly, SOPPA exists to protect the privacy and security of student data collected by educational technology companies, and seeks to ensure that any collected data is used for beneficial educational purposes. It prohibits these companies from certain activities, such as engaging in targeted advertising based on collected data, using collected data to amass profiles of students, and selling or renting student information. Additionally, Illinois schools must also comply with Illinois’ data breach notification act, just as any private business would.

The question of liability following a school data breach was also a focus of Mr. Ready’s article. The CPS incident involved a breach through a third-party vendor. As I noted in my comments to Mr. Ready, both the school and/or the vendor that mishandled the data, may be liable for damages incurred by students whose data was exposed during a data breach. The school may be liable to the students since the school collected the data and had a duty to protect that data. The vendor may then be liable to the school for mishandling data it was hired to process. When hiring a third-party vendor, the contract between the school and vendor should always clearly address the liability of the two parties in the event of a data breach.

If you have any questions regarding student data privacy in Illinois, or data privacy/security generally, please contact Tim Hayes at McKenna Storer.

Categories Privacy and Data Security Litigation

Leave a Reply

You must be logged in to post a comment.

Here to help with whatever your legal issues may be, schedule your no-obligation consultation or Simply Call us at.
Chicago: (312) 558-3900 or Woodstock: (815) 334-9694

  • Hidden
  • Hidden

Please do not send confidential information via email. The sending of information by you, and the receipt of it by McKenna Storer, is not intended to, and does not create a lawyer-client relationship.

Privacy Policy | Sitemap © 2021 McKenna Storer
Show Buttons
Hide Buttons