SOPPA Update: Supporting the IL-NDPA

SOPPA Update: Supporting the IL-NDPA

3/19/2021

With the Student Online Personal Protection Act (SOPPA) taking effect 7/1/2021 in Illinois, we’ve all been working to meet the act’s new requirements.  Among other things, school districts need to update their “written agreements'' with vendors that hold student data. At CGS, we’ve updated our order form and terms of service to comply with SOPPA.  We thought this was the easiest way to meet our customers’ needs, and many customers have used it for renewal.  

There is also an effort to meet SOPPA’s requirements with the Illinois-National Data Privacy Agreement (IL-NDPA), and some customers would prefer to go this route.  This provides a common framework for many school districts to sign a single agreement, and not require repeated individual legal review (which is difficult for smaller districts with limited access to legal counsel).  After doing research, we’ve found that we can be supportive of this approach too.  

We believe the process is as follows:

1. We write an “Exhibit H” for CGS customers, to modify the base IL-NDPA with our specific needs.  The authors of the IL-NPDA did a nice job of making the agreement extensible.

2. We work with a few customers, ones that have good access to legal counsel, to negotiate and sign the agreement.  

3. Any signed agreement(s) would be published to the Illinois Learning Technology Center of Illinois (LTC), which acts as a clearinghouse.  All our other customers could view these executed agreements.

4. Any customer can adopt an existing signed agreement as their own.  They are basically trusting the legal opinion of the district(s) that reviewed and accepted the CGS Exhibit H.  This is done by filling out and signing an “Exhibit E” referencing the agreement they’d like to adopt.  

In this way, smaller school districts with limited legal resources can find an IL-NDPA previously reviewed and executed by another CGS customer.  They can benefit from the legal work done by their peers, as privacy needs across districts will be very similar.

Within the next few weeks, we’ll write an “Exhibit H” to the IL-NDPA.  The LTC just released a new version of the IL-NDPA, so we’re reviewing the latest.  

We are actively seeking customers who are willing to work through the terms of our Exhibit H to sign and adopt the agreement.  If you’re open to participating in this effort, please contact your account representative. They’ll connect you with the right folks at CGS.

Once we have a signed agreement, we’ll share it through the LTC, and publish another news article.  Interested customers could sign onto any executed agreement.  Even customers who’ve previously signed our order form/terms of service could execute an IL-NDPA if they’d like.

There’s a lot of passion around the IL-NDPA, and we’re glad we could find a cooperative solution for everyone.  Data privacy is a worthy goal, and SOPPA should extinguish bad privacy practices employed by less ethical actors in the marketplace.  At CGS, we’ve always pursued a high-privacy strategy, and we’re glad to see that it’s now a requirement for everyone (in spite of the short-term workload coming at a potentially inconvenient time).

 Keep an eye on our News page for future updates,

The Common Goal Team