Student Online Personal Protection Act
The Student Online Personal Protection Act (SOPPA) governs and protects the privacy and security of student data when it is shared with and collected by educational technology, or EdTech, companies. SOPPA regulates companies that provide web-based sites, services, online and mobile applications that are used primarily for K-12 purposes.
SOPPA places a host of responsibilities on EdTech vendors. The law has important provisions that prevent companies from engaging in targeted advertising to students, amassing a profile on students, selling or renting student information, or using student information except in limited ways. Additionally, companies must meet certain security requirements when storing student data, delete student data when requested by Noble, and maintain a public privacy policy.
SOPPA also places responsibilities on school districts like Noble, such as requiring data-sharing agreements with many of these companies. SOPPA also gives parents/guardians certain rights when it comes to their children’s data.
Ensuring our students’ safety is critically important to Noble, and establishing protocols compliant with this legislation will enable us to do so consistently.
Noble’s SOPPA Compliance | SOPPA requires that all companies with which Noble shares covered information sign a data-sharing agreement outlining the categories of data that are being shared, the purpose of collecting the data, how the data will be used, and how the data will be protected. Noble maintains robust security measures to protect student data.
Noble has designated its Chief Operating Officer and General Counsel to serve as its Privacy Officers. As Privacy Officers, these individuals will ensure that Noble complies with the duties and responsibilities required of it under SOPPA, ISSRA, and FERPA, including, but not limited to, all requirements related to posting information about the use and disclosure of covered information, providing notice of a breach of covered information, and implementing and maintaining reasonable security procedures and practices.
Only Noble employees who are authorized to approve and sign contracts may enter into written agreements with operators for contracts that involve the disclosure of education records/school student records. All agreements entered into for K-12 school purposes by an employee must receive appropriate internal approvals.
To view a list of all operators of online services or applications utilized by Noble, please visit the SOPPA Data Privacy Agreements.
Requests to review data. Parents/guardians may request to inspect and review their student’s covered information. Requests for reviewing records must be made in writing and include the date of the request, the parent/guardian’s name, address, phone number, student’s name, and the name of the school from which the request is being made. Noble has forms available. Parents/guardians will be required to provide proof of identity and relationship to the student before access to the covered information is granted. If the covered information you request includes your child’s school student records, Noble will permit you to inspect and review any school student records of your child per Noble’s procedures for student records requests.
Noble will provide an electronic copy of the records within 45 days of receiving a request for the covered information. If a parent/guardian requests a paper copy, Noble will charge .35 cents per page. No parent/guardian will be denied a paper copy due to an inability to pay. A parent/guardian may make a request to review and receive copies of covered information no more than two requests per student per quarter.
Requests to correct data. Parents/guardians may request corrections of factual inaccuracies contained in their student’s covered information. If the covered information you are requesting to be corrected includes your child’s school student records, Noble will follow its procedures for amendment of student records with respect to those school student records. Noble will review the request, determine if an inaccuracy exists, and if so, will make any necessary corrections within 90 days of the request. If the correction needs to be made by the Illinois State Board of Education or Noble’s vendor, any necessary corrections will also be made within 90 days of the request and Noble will notify the parent/guardian of any necessary corrections within 10 days after receiving confirmation of the corrections.
If a parent/guardian requests the deletion of any covered information, Noble will review the request to determine whether such a deletion would violate the law or result in the student being unable to participate in Noble’s curriculum.
Information for Parents and Guardians | SOPPA provides parents and guardians with the right to inspect, correct, and delete their child’s data, regardless of whether it is held by a school or a third-party EdTech vendor. Illinois schools like Noble will also be required to post on their website the types of student data they share with EdTech vendors and provide a notice about the EdTech vendors with whom they work.
Information for Teachers and Principals | Teachers will need to inform parents and guardians of the EdTech products they have chosen for their classroom and obtain parental consent where appropriate. Principals will need to ensure the EdTech vendors chosen by staff are part of Noble approved vendors and have signed agreements on file with Noble’s Legal department.
Data Breaches | In the unlikely situation that a vendor experiences a potential data breach, Noble will be notified. After receiving notice of a potential breach, Noble will evaluate the report and if confirmed, provide notifications to parents/guardians. Information on any breach that impacts more than 10% of our students will be publicly displayed.
Noble will also notify parents/guardians and post appropriate information in the event Noble’s data systems are breached.
Please note that a notice of breach may be delayed if a law enforcement agency determines that the notification will interfere with a criminal investigation.
To view notifications and information about breaches of student data, please visit the Noble Data Breach Notifications page. For additional information, please contact Noble’s Privacy Officers: Darko Simunovic (Chief Operating Officer) and Robyn Taylor (General Counsel).
