Please read our letter to families regarding student data. In an effort to stay current in a fast-changing technology landscape, we strive to communicate assurances, state our commitments, and respond to trending technological advancements. Read Privacy Letter to Families in English or Spanish.
When communicating within MDUSD, all student data is encrypted. Data is only transmitted through appropriate encryption protocols. MDUSD When MDUSD shares student data for the purpose of operating third party systems, we work to ensure these parties only have the "minimum information required."
The Student Online Personal Protection Act (SOPPA) is the data privacy law that regulates student data collection and use by schools, the Illinois State Board of Education, and third-party vendors. As part of SOPPA, these vendors must enter into Data Privacy Agreements (DPA) with each district they work with. These agreements outline what data is store, how it is protected, what the company can and cannot do with the data, and what they will do in the event of a data breach.
The changes to SOPPA mandate that by July 2021, schools must have written agreements with all EdTech software vendors in use. Districts must also make readily available via their websites an overview of security practices, a description of how parents can ensure their student data privacy rights are being met, a list of approved vendors and their corresponding written agreements, and a list of any student data breaches that have impacted more than 10% of students. SOPPA full text.
COPPA restricts the collection of personal information from children under 13 by companies operating websites, games, mobile applications, and digital services that are directed to children or that collect personal information from individuals known to be children. COPPA FAQ
CIPA imposes certain requirements on schools that utilize the federal E-Rate program to receive discounts for internet access and other technology services, or that receive federal grants for other technology expenses. FCC CIPA
If we are informed by a third party of a data breach, we will work with the vendor to notify affected parties as soon as possible. When we contract with third parties, we require them to notify us in a timely manner of any breach.
Personally Identifiable Information (PII) is any data that could potentially identify an individual, such as a combination of an email and birthdate. Whenever possible, especially in electronic correspondence, we do not include information that would allow a person outside of our educational staff to determine the identity of a student. Often, staff only use initials or student numbers in correspondence. We do not share PII with third parties unless specifically allowed under Federal and State laws as outlined in the Privacy Letter to Families above.