HackFirstAidEducation
Regulatory grid

State overlay · IL

Illinois

Student Online Personal Protection Act (SOPPA)

SOPPA requires LEAs to publish covered-vendor lists, sign SOPPA-specific DPAs, and notify families within 30 days of confirming a breach.

Notification window

30 calendar days from confirmation of a breach involving covered information.

Regulators

Illinois State Board of Education (ISBE)

ISBE Information Security.

Illinois Attorney General

If 500+ IL residents affected.

Unique gotchas

  • SOPPA's vendor list must be on the public district website — verify it is current before the breach goes public.
  • Regional Offices of Education (ROEs) coordinate for smaller districts.

Testing authority

ISBE Assessment Division (IAR)