Skip to main content

Student Online Protection Act-Student Cards

Student cards are created to support students within a public library's school district service area. Student card information is shared by the educational institution directly with the public library, when full parental authorization for a standard public library card is not received.

SWAN libraries must adhere to legal requirements, including SOPPA (Student Online Personal Protection Act) when creating student cards.

If a public library has a signed parental/guardian authorization form with student information provided by the adult on the application, the card created will be a regular library card issued by the library. In this case, the agreement is between the public library and the parent/guardian. 

SOPPA - Student Online Personal Protection Act

Effective July 1, 2021, the school district will be required by the Student Online Personal Protection Act (SOPPA) to provide additional guarantees that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85).

SOPPA applies to all Illinois school districts, the Illinois State Board of Education, and operators of online services and applications. It is the responsibility of the school district sharing information with an outside organization, including SWAN and any SWAN library member, to enter into a written agreement with the service provider collecting that information. 

Working with our SWAN library member, Bensenville School District #2, SWAN has entered into an IL-NDPA (Illinois - National Data Privacy Agreement) with Bensenville School District #2. This agreement is a master agreement with BSD#2 which other school districts may "piggyback" on this original agreement. This means that the paperwork is on record and filed with the National Registry of Privacy Agreements. Any school/school district providing information to a SWAN library must also have an agreement in place. This requires minimal coordination since the IL-NDPA between Bensenville School District #2 and SWAN is already in place. All SWAN member libraries are listed in this agreement as trusted partners with access to the information contained in our shared patron database.

Submit a support ticket if your library is receiving student data directly from schools/school districts so that we can assist in meeting legal requirements.

SOPPA Compliance

Websites, online services, and mobile apps that are designed, marketed, and used for K-12 school purposes must comply with SOPPA regardless of whether they have a contract with a school or district. 

SWAN is SOPPA compliant based on the following:

  • Not using collected data to provide targeted ads;
  • Not profiling students except in furtherance of school purposes;
  • Not selling or renting student information;
  • Not disclosing information unless required to by law or as part of the maintenance and development of services;
  • Using sound security practices;
  • Deleting student data when requested by the school or district;
  • Publicly disclosing information about its use, terms of service, agreement, and privacy policy;
  • Entered into a written agreement with the school district.

Steps for the school district

The Illinois Student Privacy Alliance is for Illinois school districts to ensure their compliance with SOPPA. SWAN undertook steps to comply with the Alliance, which can then be used by other school districts.

  1. Join the Illinois Student Privacy Alliance
  2. Review the Standard Student Data Privacy Agreement (DPA) between SWAN and Bensenville School District
  3. School districts can use the Exhibit E of the DPA to enter into the same protections.
  4. After Exhibit E is approved by the school, they can upload the signed agreement under their institution to the Illinois Student Privacy Alliance.

There is no need for SWAN and the school district to enter into an individual DPA since that step has been completed.