SOPPA FAQ

As budget season approaches we would like to remind you that the new legislative changes for SOPPA take effect July 1, 2021. While we do not foresee that this will have a significant impact on the budget you create for Ed Tech, we do want you to be aware so that you can take your school’s needs into consideration.

Before securing and leveraging any educational technology, you will need to ensure that it is part of our approved vendor and platforms list. This includes offerings that are free to use as well as those with a cost attached. We are currently working with our partners in Law, EdTech, Procurement, and Information Security to pre-approve as many vendors as we can ahead of the 2021-2022 school year. For more information on this process or to verify if your partners are pre-approved, please email privacyoffice@cps.edu.

Before securing and leveraging any educational technology, you will need to ensure that it is part of our approved vendor and platforms list. This includes offerings that are free to use as well as those with a cost attached. We are currently working with our partners in Law, EdTech, Procurement, and Information Security to pre-approve as many vendors as we can ahead of the 2021-2022 school year.

If you are a CPS parent or guardian, you will have greater control over your child’s covered information. In many cases, SOPPA gives parents the right to inspect and the right to request corrections and deletions to their child’s covered information.

Teachers will need to ensure that any EdTech used in their classrooms has been approved.

We are currently developing an internal site for Principals and teachers on the Knowledge Center. More will be communicated as it becomes available.

Currently, we have approved vendors on the Learn Platform. We are currently working on migrating to another platform, more information to come soon.

The parent-facing page is live on CPS.edu available at cps.edu/soppa.
We are currently developing an internal site for Principals and teachers on the Knowledge Center. More will be communicated as it becomes available.

Any questions on SOPPA should be directed to privacyoffice@cps.edu.

Any questions regarding the vendors showing on the learn platform (status, renewal, etc), please contact edtech@cps.edu.

Any questions regarding AI, please contact AI@cps.edu.

No

Yes, for the purposes of SOPPA compliance, any AI product that would leverage student data would need to submit a proposal to a district solicitation like any other educational technology vendor.

The district maintains a public-facing AI guidebook for schools, which can be found here.

Please refer to the Learn Platform to see which vendors we are working with or in the process of working with.

For internal CPS users, please go to the CPS portal page and look for the application called “learn” - there you will find the internal version.

• Sponsorship (New Vendor / First time): Initial request to onboard a vendor.
• Attestation (Annual Renewal): Yearly “check-in” to confirm nothing changed (data, integrations, security, scope) and to capture updates if it did.
• Sponsorships can only be initiated by a CPS Business Sponsor (teacher, principal, etc.).

This depends on what the app requires and/or offers. AI vendors need to be vetted by our IT teams. Without approval, these types of vendors cannot be used. If a vendor does not collect any data or require a login by students, then, in some cases, apps not listed on the Learn Platform can be used.

Student data constitutes anything in addition to first name. This also includes voice recordings, photos, and videos. Anything that could easily point to one student.

Yes, as long as there is no identifying information (name, etc).

Generally, yes. As long as zero identifying information isn’t required and/or offered. If you are unsure, please reach out to edtech@cps.edu and privacy@cps.edu for more information.

• If anyone must log in → Contract.
• If students are involved → Contract.
• If any data is exchanged → Contract.
• If unsure → treat as YES.

These questions help CPS quickly confirm:

• What the vendor is providing?
• Whether the vendor will connect to CPS networks?
• Whether the vendor will collect student or staff information?
• Whether CPS needs extra approvals (ITS, Privacy, Legal, Procurement, Background Checks)?

This protects CPS networks, district data, and student/staff privacy.

To be compliant, vendors must sign a Data Privacy Agreement (DPA) that outlines how data is stored, protected, and eventually deleted. You are strictly prohibited from:

• Engaging in targeted advertising on your platform.
• Creating "student profiles" for non-educational purposes.
• Selling or renting student information.