The Student Online Personal Protection Act (SOPPA) went into effect on July 1, 2021. This legislation introduced new requirements for school districts and for vendors working with school districts.
An overview of obligations for school districts can be found here. You can review full details of district and vendor obligations in the legislation here.
Privacy Consortium Agreement
One of the requirements of SOPPA is for school districts to enter privacy agreements with all vendors that collect student data. These agreements, along with a list of data elements collected, must be posted online by the school district.
Many districts accomplish this through the Illinois Student Data Privacy Consortium (SDPC). To help make this process easy for schools, CodeHS has joined the SDPC for Illinois.
Districts can download and execute Exhibit E of the consortium agreement to enter a privacy contract with CodeHS.
You can review the full IL SDPC agreement here.
All CodeHS agreements through the SDPC are available here.
Below is a list of SOPPA requirements for vendors, all of which CodeHS is compliant with.
CodeHS does not
Engage in any targeted advertising
Use PII or any collected information to create profiles about users
Sell or rent student information
Disclose covered information, except as is allowed by our privacy agreements with districts
Maintain security procedures that meet industry standards to keep user data safe
Have a data deletion policy to delete data upon request
Disclose information about how we collect and use data
Enter into written privacy agreements with Illinois schools (see information on IL SDPC above)
Provide a list of any third parties or affiliates that data is disclosed to
Our subcontractor and subprocessor list is available here.
Setting Up CodeHS for Compliance in Your District
You should email the privacy contact at your school or district, or administrator responsible for privacy or website agreements. They may be able to sign the existing Exhibit E for the IL SDPC and upload that to the SDPC database to enter your district into a privacy agreement with CodeHS.
If that is not an option, in many cases CodeHS can sign the privacy agreement from your district after review. Please email email@example.com for our team to review your privacy contract.
CodeHS can handle privacy compliance both for Free and Pro accounts.
Chicago Public Schools
CodeHS is approved as a vendor that is compliant for Chicago Public Schools, and has completed the CPS EdTech RFQ and PD RFQ process. You can see CodeHS is an approved CPS website here and here.