Student Data and Privacy

The District’s privacy standards are established in accordance with applicable federal and state law and Board policy, and are intended to reflect the District’s mission and values. These guiding concepts are intended to provide direction about many elements of the District’s practice, including the educational value of instructional technology, the primacy of children’s safety, and the importance of family rights.

The district uses filters and firewalls to prevent students from accessing harmful information on the Internet as well as to protect the privacy of student information. To further determine whether websites, software, or apps are safe to use as part of instructional programming, the district is also leveraging an updated Data Processing Agreement (DPA) to determine whether or not the particular website, software, or app has adequate privacy measures to protect student data. 

Federal and State Laws

D205 will comply with all applicable laws and regulations concerning the privacy of student data. D205 will also take steps to ensure that any third parties who provide services to the District comply with these laws. The following is an overview of the various laws that govern the confidentiality of student information, including but not limited to electronic data. The Learning Technology Center of Illinois has also compiled the linked Legislative Brief for additional context.  

The Children’s Internet Protection Act (CIPA) was enacted to address concerns about children's access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools that receive discounts for Internet access or through the e-rate program, which is a program that makes certain communications services and products more affordable for eligible schools. To be eligible to receive discounts, a school must have an Internet safety policy that includes protection measures to block or filter Internet access to pictures that are obscene, child pornography, or harmful to minors. A school is also required to include in its Internet safety policies that the school will monitor the online activities of children and educate children about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, and cyberbullying awareness and response. More information is available at 47 U.S.C. §254(h), (i); 47 C.F.R. §54.520.

The Children’s Online Privacy and Protection Act (COPPA) also deals with children’s online privacy. The primary goal of COPPA is to place parents in control over what information is collected from children under age 13. COPPA applies to commercial websites and online services. The term “online service” broadly covers any service available over the Internet (including mobile apps), or that connects to the Internet or a wide-area network. COPPA imposes requirements on: operators of websites and online services directed to children under 13 that collect, use, or disclose personal information from children; operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13; and operators of websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. More information is available at www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy. (15 U.S.C. §§6501-6505; 16 C.F.R. Part 312.) 

The Federal Educational Rights and Privacy Act (FERPA) affords parents/guardians important rights concerning their children's school student records and the personally identifiable information in those records. FERPA gives parents/guardians the rights to: (1) inspect and review the student's records maintained by the school; (2) request that a school amend the student’s records; (3) consent in writing to the disclosure of personally identifiable information from the student's records, except under certain permitted situations; and (4) file a complaint with the U.S. Department of Education’s Family Policy Compliance Office regarding an alleged violation under FERPA. More information on FERPA is available here. (20 U.S.C. § 1232g; 34 C.F.R. Part 99.)

Annual Notice for SOPPA.

The Student Online Personal Protection Act (SOPPA) protects the privacy and security of student data when collected by educational technology companies operating online websites, online services, or online/mobile applications. Pursuant to SOPPA, school districts must “implement and maintain reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure.” SOPPA allows data to be used to benefit students, including as a way to provide personalized learning and educational technology. SOPPA bars the use of student data for targeted advertising and prohibits the sale of student information gathered during the students’ use of educational technology. SOPPA requires that school districts enter into data sharing agreements with educational technology vendors with whom the school district shares certain covered information. SOPPA also requires that school districts publish information about any Data Breach affecting 10% or more of students. (105 ILCS 85/1 et seq.)

Content Filtering

Filtering @ D205

Working With Securly

Student safety is our top priority. Chromebooks and iPads are filtered 24x7 with a web-based filter called "Securly" to protect students from the most offensive content. Although no web filter is perfect, when issues arise we can address them by blocking the site as appropriate and in compliance with the Children's Internet Protection Act (CIPA). The external filter is set to block only the most offensive content, with the goal of protecting children without getting in the way of students' access to information that they need for class research, projects, etc. outside of school. These settings apply when the student is logged in to the device itself. We also want students to be able to use their devices at home for appropriate non-district activities. On public WiFi networks, such as the library, Starbucks, or McDonald's, your home network settings will not be in effect, but the D205 out-of-school filtering still applies when using D205 devices.

For more information on the federal, state, and District policies that govern device use at D205, please visit the Student Data Privacy page. Additionally, please read below for additional information on steps families can take at home to strengthen their personal Internet safety and experiences.

 

At Home Resources

In addition to Securly, there are many tools you can implement at home on your personal devices to help create a safe online environment while continuing to allow children to grow and learn. The items below are not endorsed by D205 but are simply collected in an effort to support parents' own research and understanding for at-home use.

While there are many options available on the market, these are several of the leading and highest reviewed resources. They all allow you to filter content, limit screen time, set bedtimes, give rewards, etc. Some even allow you to take your settings outside of your home, allowing you to continue to teach digital citizenship anywhere in the world your child is. Each has slightly different features, so it is recommended to do research to see which works best for your situation.

Suspicion of Data Breach

Any individual who suspects that a theft, breach or exposure of D205 protected data or D205 sensitive data has occurred should immediately provide a description of what occurred via email to a Network Operations team member or by calling 630-834-4530 Ext. 2000 during normal school hours. The responding member of the team will escalate as appropriate to management and administration within the district and begin the process to investigate and confirm if a theft, breach or exposure has occurred.

In the unlikely situation that an operator experiences a potential data breach, they must notify D205 as soon as possible. After receiving notice of a potential breach, we will evaluate their report and, if confirmed, provide notifications to parents. Information on past breaches will be publicly displayed below and contain the following information:

  • Date or estimated date/range of the breach

  • Description of covered information breached

  • The number of students unless disclosure would violate the Personal Information Protection Act

  • Contact information of the operator for questions

  • Toll-free numbers, addresses, and websites of consumer reporting agencies and the FTC

The District will also notify parents and post information in the event the District’s data systems are breached.

Note: A notice of breach may be delayed if a law enforcement agency determines that the notification will interfere with a criminal investigation. If a breach impacts less than 10% of the student enrollment, by law it does not need to be disclosed in the manner described above.

 

DATA BREACHES REPORTED TO THE DISTRICT AND CONFIRMED WITHIN THE LAST 5 YEARS:

None reported