๐Ÿ›๏ธ Illinois EdTech Compliance Guide
โ† Back to Site

ILLINOIS EDTECH COMPLIANCE GUIDE

SOPPA ยท BIPA ยท ISSRA ยท IL-NDPA

The Scribe Academy

Last Updated: December 2024

โš ๏ธ

Illinois: High-Compliance State

Illinois has the most stringent EdTech privacy laws in the US. Key differences from California:

  • Public Transparency: Schools must post vendor contracts publicly within 10 days
  • BIPA Class Actions: Individuals can sue directly for biometric violations ($1,000-$5,000 per violation)
  • Standardized Contracts: Districts expect IL-NDPA, not custom Terms of Service

COMPLIANCE SUMMARY

Requirement Law Status
IL-NDPA Contract Ready SOPPA โœ“ READY
Data Inventory Sheet SOPPA โœ“ READY
No Biometric Collection BIPA โœ“ COMPLIANT
Parent Data Export ISSRA โœ“ AVAILABLE
24-48hr Breach Notification SOPPA โœ“ DOCUMENTED

1. IL-NDPA (Illinois National Data Privacy Agreement)

โœ“ READY TO SIGN Exhibit E Available

What is IL-NDPA?

The Illinois National Data Privacy Agreement is a standardized contract developed by the Student Data Privacy Consortium (SDPC). Illinois districts prefer this over custom Terms of Service because it's pre-approved for public posting.

How It Works:

  1. First District: Sign the full IL-NDPA with your first Illinois customer (Originating LEA)
  2. Exhibit E: Other districts can "piggyback" by signing only Exhibit E
  3. Public Posting: District posts the agreement on their website within 10 days

Our Status:

The Scribe Academy is prepared to sign the IL-NDPA with any Illinois district. Our data practices align with IL-NDPA requirements. Contact us to initiate the signing process.

2. SOPPA (Student Online Personal Protection Act)

Key Requirements

SOPPA is Illinois's version of SOPIPA with stricter transparency requirements. Schools must publicly post data inventories.

Public Data Inventory:

We provide a complete list of every data element collected:

Identifiers

  • โ€ข First Name, Last Name
  • โ€ข Email Address
  • โ€ข Firebase UID

Educational Records

  • โ€ข Essay Submissions
  • โ€ข Outlines & Drafts
  • โ€ข AI Feedback Reports

Progress Data

  • โ€ข Mission Completion
  • โ€ข Brain Points
  • โ€ข Badges Earned

Technical Data

  • โ€ข Activity Logs
  • โ€ข Session Timestamps
  • โ€ข Accessibility Preferences

What We Do NOT Collect:

  • โŒ IP Addresses (not stored)
  • โŒ Keystroke Patterns / Typing Dynamics
  • โŒ Mouse Movement Tracking
  • โŒ Voice Recordings (TTS is output only)
  • โŒ Biometric Data of any kind

Breach Notification (Illinois Timeline):

24-48

HOURS

Notify school district

30

DAYS

District notifies parents

3. BIPA (Biometric Information Privacy Act)

โš ๏ธ

High-Risk Law: Class Action Liability

BIPA allows individuals to sue directly for $1,000-$5,000 per violation. This has triggered massive class-action lawsuits against EdTech companies.

โœ“ COMPLIANT No Biometric Collection

The Scribe Academy does NOT collect any biometric data:

  • โŒ No keystroke dynamics / typing pattern analysis
  • โŒ No voice recording or voice-to-text storage
  • โŒ No facial recognition or camera access
  • โŒ No fingerprint or other biometric identifiers

BIPA-Safe Features:

  • Text Input Only: Students type essays using standard keyboard input
  • TTS Output Only: Text-to-Speech generates audio but does not record student voice
  • No Proctoring: No cheating detection via typing patterns or camera

4. ISSRA (Illinois School Student Records Act)

Parent Access Rights

ISSRA grants parents broad rights to inspect their child's school records. Student essays stored in The Scribe Academy are considered legal records.

โœ“ Compliance Features:

  • Export User Data: Administrators can export all student data as JSON
  • Mission Reports: PDF-ready reports of student writing and feedback
  • Activity Logs: Complete history of student actions
  • 10-Day Turnaround: Data can be exported within 10 business days of parent request

Parent Request Process:

  1. Parent submits request to school administrator
  2. Administrator uses "Export User Data" feature
  3. Complete student history exported as JSON/PDF
  4. Administrator provides data to parent within 10 business days

5. Student Generated Content (Essays)

SOPPA Definition

Under Illinois SOPPA, "Student Generated Content" (essays, writing samples) is explicitly defined as "Covered Information" with special protections.

โœ“ Our Commitment:

  • Student essays are NEVER used to train AI models
  • Essays are processed in real-time for feedback only
  • No commercial use of student writing
  • Essays remain property of the student/school
  • Full deletion upon request or contract termination

ILLINOIS DEPLOYMENT CHECKLIST

โœ“

IL-NDPA Ready

Prepared to sign with first Illinois district

โœ“

Data Inventory Sheet

Complete list of all data elements for public posting

โœ“

BIPA Compliant

No biometric data collection

โœ“

Parent Export Feature

ISSRA-compliant data access within 10 days

โœ“

24-48hr Breach Notification

Incident response plan documented

The Scribe Academy | AI-Powered Writing Education

thescribesacademy.com | support@thescribesacademy.com

Document Version: 1.0 | Last Updated: December 2024