Student Data Privacy

Protecting student data is a priority for the Moline-Coal Valley School District and of the utmost importance.  Our District leverages the Student Data Privacy Consortium (SDPC) and Learn Platform to determine if educational technology companies are in full compliance with state and federal privacy laws.  The following resources provide more information about what happens to our students' data and the measure we take to protect our students' privacy.

Click Here to View the List of Approved and Denied Applications


Student Online Personal Protection Act (SOPPA)

Effective July 1, 2021, Illinois school districts will be required by the Student Online Personal Protection Act (SOPPA) to provide guarantees that student data is protected when used by educational technology companies, and that data is used for educationally beneficial purposes only (105 ILCS 85).  The following collapsible sections provide information on the specific requirements and how Moline-Coal Valley CUSD 40 is meeting these requirements. 
The Learning Technology Center has created a useful video that highlights what SOPPA is and how it benefits school districts:
As required by SOPPA, the MCV School Board appoints the Director for Technology as the Student Data Privacy officer.  This role oversees a committee of district personnel charged with making sure that all educational technology partners, services, and applications, adhere to the regulations of SOPPA.  These regulations are put in place to ensure the sale, rental, lease, or trading of any District student records or covered information by the District is prohibited.   Any operator of such service is required to have a signed agreement with the District accepting the strict regulations of SOPPA.  A list of District-approved operators, the information they collect, and a copy of the signed agreement can be found on our LearnPlaform Database
The Data Privacy Officer is also designated to sign contracts with operators and review operator privacy policies to ensure they meet the requirements of SOPPA. 
**The District's SOPPA Committee will meet quarterly to review staff requests, review current SOPPA policies, review any breaches, and review the District's current state of data privacy. **
In the event there is a data breach, the Moline-Coal Valley School District 40 is required to notify parents via the District's communication system within 30 days of the breach and within 60 days if a third party is responsible for the data breach. 
SOPPA regulations state that parents and/or legal guardians have the right to inspect, review, and correct information maintained by the school, operator, and the Illinois State Board of Education.  All requests should be made via email to the Director for Technology (the designated Data Privacy Officer) using this email address:  [email protected].   
To ensure all educational technology partners, operators, and services that collect student data comply with SOPPA, the District has implemented LearnPlatform for the management of teacher/staff technology requests.  Teacher and staff requests to implement electronic services or applications are vetted through the District's SOPPA Committee and approved or denied based on the operator's willingness to agree to the terms defined in SOPPA, and that the service fills an educational purpose.  A list of the web-based tools, applications, and services, with their related privacy policies, can be found in our LearnPlaform Database
The District's Educational Technology Department maintains enterprise-level and current network security systems as described below. 
  • Enterprise-level firewall appliance replaced every 5 years with annual renewal subscription/support agreements
  • Enterprise-level core switch updated quarterly to the most stable release and renewed every 5 years
  • Enterprise-level wireless management system
  • Malware-Bytes antivirus/Malware subscription for all network clients, including servers
  • Currently supported Windows server within a virtual environment that is patched for security updates weekly
  • SysCloud Student Security system that monitors our Google Workplace environment for malware, viruses, as well as FERPA, and HIPPA violations 
The District also implements standard data security policies at the state and federal level:
The Moline-Coal Valley CUSD 40 School Board has adopted these policies and guidelines:
The District has implemented LearnPlatform to manage operator contracts, collect student data privacy policies, and provide a workflow for teachers and staff to request educational technology services, applications, and/or tools that are SOPPA compliant.  Click here to visit our public LearnPlatform site. Here, you can search for contracts, or see a comprehensive list of approved operators. 
Additionally, operators are required to sign the Illinois  Student Data Privacy Agreement before any service, application, or tool can be adopted by the District or any contract renewed.  A copy of the IL-NDPA can be found at the bottom of this page under Useful Handouts or on the SDPC Website.  This agreement is directly tied to the strict regulations of SOPPA and helps ensure that the data we share with approved operators is not sold, leased, or rented and is used solely for educational purposes.  Each operator must specifically list the data elements they collect, and they must specifically state how this data is stored on their servers (or the servers of their subcontractors).  
Parent Guides to Online Safety and Data Privacy
MCV CUSD 40 recognizes the importance of our parents and their role in providing a safe online environment for our students.  ConnectSafely is a great resource for parents to learn more.  This non-profit organization educates adults and students about maintaining a safe online existence.  Check out their parent guides