Resource

Legal Reference Guide & Database


Insights into Laws Impacting Technology in Schools

To plan with confidence, K-12 leaders need to know how current state and federal laws impact their use of technology in schools – both in the classroom and beyond.

Updated annually, this free guide provides an introduction to the statutes, regulations, and rules that may apply to the use of technology in primary and secondary school districts in Illinois.

Updated: August 16, 2024

Legal Reference Database

Internet Safety

Internet Safety Curriculum

Summary
School districts must implement an internet safety component in their curricula. It is recommended that the following topics are included: safe and responsible use of social networking websites, chat rooms, electronic mail, bulletin boards, instant messaging, and other means of communication on the Internet; recognizing and reporting online solicitation; recognizing and avoiding unsolicited and deceptive communications online; and recognizing and reporting online harassment and cyber-bullying.
Applicability
This law applies to all school districts.
Students

Disposition of Student Records

Summary
A Public Record is defined to include born-digital material, digitized electronic material, electronic material with a combination of digitized and born-digital material, and other documentary material, regardless of physical form or characteristics made, produced, executed or received by any agency or officer pursuant to law or in connection with the transaction of public business and preserved or appropriate for preservation by the agency as evidence of the organization, function, policies, decisions, procedures, or other activities. The Local Records Commission has promulgated regulations to establish procedures for the disposition of public records, procedures for the management and preservation of electronically generated and maintained records, and standards for the reproduction of such public records by digitized electronic format. The Local Records Act is applicable to student records maintained pursuant to the School Student Records Act and, therefore, a local school district must obtain the written approval of the appropriate local records commission before destroying or otherwise disposing of student records, whether they exist in physical hardcopy form or digital form.
Applicability
The law applies to school districts as it pertains to destruction or disposal of student records.

50 ILCS 205/7 ;
1983 Op. Atty.Gen. 83-018.

44 Ill. Admin. Code Part 4000 (Downstate Local Records Commission)
44 Ill. Admin. Code Part 4500 (Cook County Local Records Commission)

Students

Illinois School Student Records Act

Summary
A student permanent record is the minimum personal information necessary to a school in the education of the student which may include the student’s name, birth date, address, grades and grade level, parents’ names and addresses, and attendance records. A school is required to maintain student permanent records for no less than 60 years after the student has graduated, transferred, or permanently withdrawn from the school. A student temporary record is all information contained in a school student record that is not contained in the student permanent record. A school student record is any writing or other recorded information concerning a student and by which a student may be individually identified, maintained by a school or at its discretion or by an employee of a school, regardless of how or where the information is stored. This information must be maintained by a school for no less than 5 years after the student has graduated, transferred, or permanently withdrawn from the school.
Applicability
This law applies to any public preschool, day care center, kindergarten, nursery, elementary or secondary educational institution, vocational school, special educational facility or any other elementary or secondary educational agency or institution and any person, agency or institution which maintains school student records from more than one school, but does not include private or non-public schools.
Students

Missing Children Records Act; Missing Children Registration Law

Summary
Upon notification by the Illinois State Police of a missing minor, school districts and preschool programs are required to flag the record, whether electronic or hard-copy, of the missing minor such that whenever a copy of information regarding the record is requested, the school shall be alerted to the fact that the record is of a missing person. The school must immediately report to the Illinois State Police any request concerning flagged records or knowledge as to the whereabouts of any missing minor. School districts are also required to undertake the abovementioned duties and additionally report to local law enforcement authority.
Applicability
This law applies to all school districts.
Students

Student Biometric Information

Summary
School districts that collect biometric information from students shall adopt policies that require, at a minimum, all of the following: (i) Written permission from the individual who has legal custody of the student or from the student if he or she has reached the age of 18. (ii) Discontinuation of use of a student’s biometric information upon the student’s graduation or withdrawal; or upon receipt in writing a request for discontinuation by the individual who has legal custody of the student or from the student if he or she has reached the age of 18. (iii) Destruction of a student’s biometric information within 30 days after the use of the biometric information is discontinued. (iv) The use of biometric information solely for identification or fraud prevention. (v) Prohibition on the sale, lease, or disclosure of biometric information (unless there is consent or disclosure required by court order). (vi) Storage, transmittal and protection of biometric information from disclosure. “Biometric information” means any information that is collected through an identification process for individuals based on their unique behavioral or physiological characteristics, including fingerprint, hand geometry, voice, or facial recognition or iris or retinal scans.
Applicability
This law applies to all school districts.
Students

Suspension or Expulsion, Cities over 500,000 inhabitants

Summary
The Board of Education has the power to expel, suspend, or subject to the limitations of all policies established or adopted in accordance with the provisions of the School Code, or otherwise discipline any pupil found guilty of gross disobedience, misconduct, or other violation of the by-laws, rules, and regulations, including gross disobedience or misconduct perpetuated by electronic means.
Applicability
This law applies to the Board of Education in cities with a population of over 500,000 inhabitations.
Students

Suspension or Expulsion

Summary
School boards have the power to expel pupils guilty of gross disobedience or misconduct, including gross disobedience or misconduct perpetuated by electronic means. The board may suspend or authorize the superintendent, principal, assistant principal, or dean to suspend a student for not longer than 10 days, or expel a student for a period of time not to exceed 2 years, if: (i) the student has been determined to have made an explicit threat on the Internet website against an employee, personnel, or student; (ii) the Internet website was accessible within the school, or available to third parties who worked or studied on school grounds, at the time the threat was made; and (iii) the threat could reasonably be interpreted as threatening to the safety and security of the individual because of his or her employment status or status as a student.
Applicability
This law applies to all school districts.
Students

Parent Participation

Summary
Parents may elect how they would like to receive IEP meeting materials as long as the options include regular mail or picking up the materials at school. Implies electronic delivery is permitted. Federal regulations provide that a parent may elect to receive notices required for prior written notice, procedural safeguard notices, and due process complaints by electronic mail, if the school makes that option available.
Applicability
This law applies to all school districts.
Students

Assistive Technology

Summary
According to rules established by the State Board of Education, school district personnel are required to prepare a comprehensive evaluation of the student to determine whether he or she is eligible for special education services. After the student is deemed eligible for services, an IEP meeting is held to develop his or her individualized education program. At the child’s initial IEP meeting and at each annual review meeting, the child’s IEP team shall provide the child’s parent or guardian with a written notification that informs the parent or guardian that the IEP team is required to consider whether the child requires assistive technology in order to receive free, appropriate public education. The notification must also include a toll-free telephone number and internet address for the State’s assistive technology program. Assistive technology includes both devices and services. As defined in IDEA: (i) an assistive technology device means any item, piece of equipment, or product system, whether acquired commercially off the shelf, modified, or customized, that is used to increase, maintain, or improve the functional capabilities of a child with a disability. (ii) an assistive technology service means any service that directly assists a child with a disability in the selection, acquisition, or use of an assistive technology device.
Applicability
This law applies to all school districts.
Privacy

Personal Information Protection Act

Summary
Obligates “data collectors” (defined to include any public or private entity, including school districts) to notify Illinois residents when their “personal information” has been breached. The law provides an expansive definition of “personal information.” It includes breaches of health insurance information, medical information, unique biometric data, and online account information. Data collectors are required to notify affected residents and provide contact information for consumer reporting agencies and the Federal Trade Commission, and advise the individual can obtain information from these sources about fraud alerts and security freezes. If a breach permits access to an online account, notices via electronic or other form is required directing the individual to promptly change his or her user name or password or take appropriate steps to protect accounts. Data collectors are required to implement and maintain reasonable security measures to protect “personal information” from unauthorized access. In the event that notice is required to be issued to more than 500 residents as a result of a breach, notice shall be provided to the Attorney General, including a description of the nature of the breach, the number of residents affected, and steps the data collector has taken in response to the breach. The Attorney General is authorized to publish the name of the data collector, the types of information compromised, and the date range of the breach.
Applicability
This law applies to all school districts.
Privacy

Family Educational Rights and Privacy Act (FERPA)

Summary
FERPA generally prohibits educational agencies and institutions from disclosing students’ education records, whether they be electronic or written, without written parent or eligible student consent. “Student education records” are broadly defined to include any records, files, or documents that contain information directly related to a student and that are maintained by or for an educational agency or institution. However, FERPA limits on disclosure to apply only to personally identifiable information on students.
Applicability
The law applies to all schools that receive funds under various programs of the U.S. Department of Education.
Privacy

Right to Privacy in the Work Place

Summary
Employers are prohibited from requiring employee disclosure of social-media passwords, and are also prohibited from demanding access to social media accounts. Employers are not prohibited from maintaining workplace policies governing the use of the employer’s electronic equipment, including internet/social networking/email use, and are further not prohibited from monitoring the usage of the employer’s electronic equipment (without requesting or using any employee’s to provide any password in order to gain access to the employee’s personal account).
Applicability
This law applies to all school districts.
Privacy

Right to Privacy in School Setting; Notification

Summary
Elementary or secondary schools must provide notification to the student and his or her parent or guardian that the school may not request or require a student to provide a password or other account information to gain access to the student’s account or profile on a social networking website. Elementary or secondary schools must provide notification to the student and his or her parent or guardian that the school may conduct an investigation, or require a student to cooperate in an investigation, if there is specific information about activity that violates a disciplinary rule or policy. The notification must be published in the elementary or secondary school’s disciplinary rules, policies, handbook, or communicated by similar means.
Applicability
This law applies to a public elementary or secondary school or school district or a nonpublic school recognized by the State Board of Education.
Privacy

Illinois School Student Records Act

Summary
Each school shall designate an official records custodian who is responsible for the maintenance, care and security of all school student records, whether they are in electronic or hard-copy form, and whether or not such student records are in his or her personal custody or control. The official records custodian shall take all reasonable measures to prevent unauthorized access to or dissemination of school student records.
Applicability
This law applies to all school districts.
Privacy

Student Online Personal Protection Act Parent Requests

Summary
Upon a parent’s request, a school must request an operator to delete covered information on behalf of a student, so long as the deletion of the covered information does not violate State or federal records laws.
Applicability
This law applies to all school districts other than nonpublic schools.
Privacy

Student Online Personal Protection Act Breach

Summary
In the event of a breach, the school shall notify the parent of any student whose covered information was involved in the breach within 30 days after receipt of notice of the breach by the operator, or determination that a breach has occurred, and include the following information: (i) date, estimated date or date range of the breach; (ii) description of the compromised covered information; (iii) information the parent may use to contact the operator and the school to inquire about the breach; (iv) toll-free numbers, addresses, and websites for consumer reporting agencies; (v) toll-free number, address, and website for Federal Trade Commission; and (vi) A statement that the parent may obtain information from the Federal Trade Commission and consumer reporting agencies about fraud alerts and security freezes.
Applicability
This law applies to all school districts other than nonpublic schools.
Privacy

Student Online Personal Protection Act Use of Covered Information

Summary
No school district may sell, rent, lease or trade any covered information. (i) Additionally, schools (other than nonpublic schools) may not share, transfer, disclose, or provide access to a student’s covered information to an entity or individual, other than the student’s parent, school personnel, appointed or elected school board members or local school council members, or the State Board, absent a written agreement, unlessi) it is for the protection and safety of others, or the security or integrity of the operator’s service; (ii) required by court order or State or federal law; or (iii) to ensure legal or regulatory compliance.
Applicability
The provision prohibiting the sale, rent, lease, or trade of information applies to all school districts. However, the provision regarding the prohibition on sharing or providing access to the information applies only to schools other than nonpublic schools.
Privacy

Student Online Personal Protection Act Written Agreements

Summary
Any written agreement under which the disclosure of covered information between a school and a third party takes place must include a provision requiring the entity to whom the covered information is disclosed to implement and maintain reasonable security procedures and practices to protect covered information from unauthorized access, destruction, use, modification, or disclosure.
Applicability
This law applies to all school districts other than nonpublic schools.
Privacy

Student Online Personal Protection Act Written Agreements

Summary
Each school must adopt a policy designating which school employees are authorized to enter into written agreements with operators.
Applicability
This law applies to all school districts other than nonpublic schools.
Privacy

Student Online Personal Protection Act Written Agreements

Summary
The written agreement required by the Student Online Personal Protection Act between school districts and operators can be in electronic form and signed with a digital signature or a “click wrap” agreement and must contain: (i) the type of covered information; (ii) statement of the product or service; (iii) specific language prescribed by statute regarding the authorized use of the covered information; (iv) how costs incurred by the school will be allocated in the event of a breach; (v) statement that the operator must delete or transfer to the school all covered information if the information is no longer needed for the purposes of the written agreement, and specifications for the time period in which the information must be deleted or transferred; and (vi) statement that the school must publish the written agreement on the school’s website, or available for inspection if no website is maintained.
Applicability
This law applies to “operators”, but does not apply to nonpublic schools. “Operator” means: To the extent that an entity is operating in this capacity, the operator of an Internet website, online service, online application, or mobile application with actual knowledge that the site, service, or application is used primarily for K through 12 school purposes, and was designed and marketed for K through 12 school purposes.

Disclaimer: Nothing contained in this resource is intended to be construed as legal advice, nor is it intended to be a comprehensive reference of every statute, regulation, or rule that may relate to technology within school districts. Any issues pertaining to school districts should be thoroughly researched and discussed with legal counsel.