Achieving SOPPA Compliance with Reasonable Security Practices

The Student Online Personal Protection Act (SOPPA) requires all Illinois public school districts to provide additional guarantees to protect student data privacy, effective July 1, 2021 (105 ILCS 85/15). Among the requirements, the act directs schools to implement and maintain reasonable security procedures and practices that meet or exceed industry standards.

In preparation for SOPPA’s effective date, the Learning Technology Center selected 43 security best practices that all districts should implement to comply with this new legislation. The practices align with CIS Controls, a globally recognized cybersecurity standard, and are vetted by numerous Illinois school district technology leaders.

Although the Illinois State Board of Education will issue additional guidance throughout the coming year, these 43 security practices can form the foundation of a strong district-wide security program, starting today.

View Reasonable Security Practices