Rep. Scott Drury
Filed: 3/23/2015
 
 

 

 

 
09900HB1536ham001LRB099 08777 NHT 33065 a



1
AMENDMENT TO HOUSE BILL 1536




2    AMENDMENT NO. ______. Amend House Bill 1536 by replacing 
3everything after the enacting clause with the following:

 
4    "Section 5. The School Code is amended  by adding Sections 
522-80 and 22-81 as follows:
 
6    (105 ILCS 5/22-80 new)
7    Sec. 22-80. Student data privacy.
8    (a) It is the intent of the General Assembly to help ensure 
9that information generated by and about students in the course 
10of, and in connection with, their education is safeguarded and 
11that student privacy is honored, respected and protected.  The 
12General Assembly finds the following:
13        (1) Information generated by and about students in the 
14    course of, and in connection with, their education is a 
15    vital resource for teachers and school staff in planning 
16    education programs and services, scheduling students into 
 
 
09900HB1536ham001- 2 -LRB099 08777 NHT 33065 a

1    appropriate classes and completing reports for educational 
2    agencies.
3        (2) Information generated by and about students in the 
4    course of, and in connection with, their education is 
5    critical to educators in helping students successfully 
6    graduate from high school and being ready to enter the 
7    workforce or postsecondary education.
8        (3) While information generated by and about students 
9    in the course of, and in connection with, their education 
10    is important for educational purposes, it is also 
11    critically important to ensure that the information is 
12    protected, safeguarded and kept private and used only by 
13    appropriate educational authorities or their permitted 
14    designees and then, only to serve the best interests of the 
15    student.
16    To that end, this Section will help ensure that information 
17generated by and about students in the course of, and in 
18connection with, their education is protected and expectations 
19of privacy are honored.
20    (b) In this Section:
21    "Biometric record" shall have the meaning set forth in the 
22Illinois School Student Records Act.
23    "Eligible student" shall have the meaning set forth in the 
24Illinois School Student Records Act.
25    "Parent" shall have the meaning set forth in the Illinois 
26School Student Records Act.
 
 
09900HB1536ham001- 3 -LRB099 08777 NHT 33065 a

1    "Personally identifiable information" shall have the 
2meaning set forth in the Illinois School Student Records Act.
3    "Record" shall have the meaning set forth in the Illinois 
4School Student Records Act.
5    "School" shall have the meaning set forth in the Illinois 
6School Student Records Act.
7    "School board" shall have the meaning set forth in the 
8Illinois School Student Records Act.
9    "School student record" shall have the meaning set forth in 
10the Illinois School Student Records Act.
11    "State Board" shall have the meaning set forth in the 
12Illinois School Student Records Act.
13    "Student" shall have the meaning set forth in the Illinois 
14School Student Records Act.
15    "Student data" means school student records, student 
16permanent records, student temporary records, or any other 
17records, personally identifiable information, or intellectual 
18property of a student.
19    "Student permanent record" shall have the meaning set forth 
20in the Illinois School Student Records Act.
21    "Student temporary record" shall have the meaning set forth 
22in the Illinois School Students Records Act.
23    "Targeted advertising" means any form of advertising aimed 
24directly at a specific individual or group of individuals based 
25on a known or assumed trait or traits, including, but not 
26limited to, age, gender, race, grade level, address, observed 
 
 
09900HB1536ham001- 4 -LRB099 08777 NHT 33065 a

1behavior, or academic achievement.
2    "Vendor" means any entity and its officers, employees, 
3agents, independent contractors,  and subcontractors that 
4provides or offers to provide a product or service to a school 
5board, which product or service is marketed or designed for 
6school purposes or which the entity knows or reasonably should 
7know will be used for school purposes.
8    (c) Any vendor who receives any student data from a school 
9board or the State Board in any manner is prohibited from:
10        (1) advertising or marketing, including targeted 
11    advertising, based on:
12            (A) any information, including personally 
13        identifiable information, contained in the school 
14        student records, student permanent records, student 
15        temporary records, or any other records of a student;
16            (B) any information generated by or about students 
17        in connection with their use of the vendor's product or 
18        service; or
19            (C) any records created by the vendor as a result 
20        of students' use of the vendor's product or service;
21        (2) creating, generating, or otherwise amassing a 
22    profile about any student for any purpose other than to 
23    provide the school board with information about student 
24    academic growth or achievement;
25        (3) selling or otherwise disclosing the following to 
26    anyone other than the school board, unless such sale or 
 
 
09900HB1536ham001- 5 -LRB099 08777 NHT 33065 a

1    disclosure is required by court order or to comply with the 
2    Illinois  School Student Records Act or the federal Family 
3    Educational Rights and Privacy Act (20 U.S.C. 1232g) or is 
4    expressly authorized by this Section:
5            (A) any information, including personally 
6        identifiable information, contained in the school 
7        student records, student permanent records, student 
8        temporary records, or any other records of a student;
9            (B) any information generated by or about students 
10        in connection with their use of the vendor's product or 
11        service;
12            (C) any records created by the vendor as a result 
13        of students' use of the vendor's product or service; or
14            (D) any student's intellectual property;
15        (4) exercising or claiming any rights, implied or 
16    otherwise, to:
17            (A) any information, including personally 
18        identifiable information, contained in the school 
19        student records, student permanent records, student 
20        temporary records, or any other records of a student;
21            (B) any information generated by or about students 
22        in connection with their use of the vendor's product or 
23        service;
24            (C) any records created by the vendor as a result 
25        of students' use of the vendor's product or service; or
26            (D) any student's intellectual property;
 
 
09900HB1536ham001- 6 -LRB099 08777 NHT 33065 a

1        (5) storing or processing outside the United States:
2            (A) any information, including personally 
3        identifiable information, contained in the school 
4        student records, student permanent records, student 
5        temporary records or any other records of a student;
6            (B) any information generated by or about students 
7        in connection with their use of the vendor's product or 
8        service;
9            (C) any records created by the vendor as a result 
10        of students' use of the vendor's product or service; or
11            (D) any student's intellectual property;
12        (6) transferring the following to any third party 
13    (including subcontractors), affiliate, or government 
14    agency other than the State Board, unless required by court 
15    order or expressly authorized by the school board in 
16    compliance with this Section:
17            (A) any information, including personally 
18        identifiable information, contained in the school 
19        student records, student permanent records, student 
20        temporary records, or any other records of a student;
21            (B) any information generated by or about students 
22        in connection with their use of the vendor's product or 
23        service;
24            (C) any records created by the vendor as a result 
25        of students' use of the vendor's product or service; or
26            (D)  any student's intellectual property;
 
 
09900HB1536ham001- 7 -LRB099 08777 NHT 33065 a

1        (7) permitting access by anyone to the following, 
2    unless such access is required for the vendor to provide 
3    its product or service to the school board:
4            (A) any information, including personally 
5        identifiable information, contained in the school 
6        student records, student permanent records, student 
7        temporary records or any other records of a student;
8            (B) any information generated by or about students 
9        in connection with their use of the vendor's product or 
10        service;
11            (C) any records created by the vendor as a result 
12        of students' use of the vendor's product or service; or
13            (D)  any student's intellectual property;
14        (8) requiring a school board or its employees, agents, 
15    volunteers, or students to indemnify a vendor or pay the 
16    vendor's attorneys' fees or costs in connection with any 
17    dispute arising out of, or otherwise connected to, student 
18    data;
19        (9) requiring a school board or its employees, agents, 
20    volunteers, or students to arbitrate any dispute arising 
21    out of, or otherwise connected to, student data;
22        (10) entering into any contract or other agreement with 
23    a school board that authorizes in any manner activities 
24    prohibited by this Section; and
25        (11) modifying or otherwise altering the terms and 
26    conditions of any contract or other agreement with a school 
 
 
09900HB1536ham001- 8 -LRB099 08777 NHT 33065 a

1    board related to student data without the express consent 
2    of the school board.
3    (d) Any vendor who receives any educator data from a school 
4board or the State Board in any manner shall:
5        (1) store and process such records and information in 
6    accordance with commercial best practices, which shall 
7    include, but not be limited to, data-security practices set 
8    forth by the United States Department of Education Privacy 
9    Technical Assistance Center and any rules adopted by the 
10    State Board;
11        (2) implement and maintain appropriate administrative, 
12    physical, and technical safeguards, to secure such records 
13    and information from unauthorized access, destruction, 
14    use, modification, or disclosure, which safeguards shall 
15    be consistent with any rules adopted by the State Board and 
16    any guidance provided by the United States Department of 
17    Education Privacy and Technical Assistance Center;
18        (3) immediately notify the school board of any security 
19    breach resulting in unauthorized access to any student 
20    data, regardless of whether it is the school board's 
21    student data;
22        (4) delete the personally identifiable information of 
23    a specific student:
24            (A) at the request of the student's school or 
25        school board; or
26            (B) at the request of an eligible student or a 
 
 
09900HB1536ham001- 9 -LRB099 08777 NHT 33065 a

1        parent, provided the school board consents to the 
2        request;
3        (5) designate an officer or employee as a responsible 
4    person who shall be trained in a manner so as to ensure 
5    compliance with this Section and ensure the security and 
6    confidentiality of student data;
7        (6) within 30 days of the completion or termination of 
8    the terms of any contract with a school board related to 
9    student data, delete or return to the school board all 
10    student data and information and records generated 
11    therefrom and, in the event of deletion, provide a written 
12    certification that such deletion has occurred.  In the event 
13    the vendor chooses to delete the data, records, and 
14    information described in this subdivision (6), it shall 
15    provide the school board with a written certification that 
16    the data, records, and information have been deleted, which 
17    certification shall be provided to the school board within 
18    30 days of the termination of the contract;
19        (7) permit eligible students and parents to access and 
20    correct any information contained in the school student 
21    records, student permanent records, student temporary 
22    records, or any other records provided to the vendor by the 
23    school board;
24        (8) permit a school board to audit and inspect the 
25    vendor's practices with respect to any student data 
26    received by the vendor from the school board or any 
 
 
09900HB1536ham001- 10 -LRB099 08777 NHT 33065 a

1    information or records generated therefrom;
2        (9) permit the school board access to any student data 
3    provided by the school board and any information and 
4    records generated therefrom in order for the school board 
5    to respond to a request under the Freedom of Information 
6    Act or pursuant to a court order;
7        (10) be permitted to diagnose and correct problems with 
8    the vendor's product or service, provided that to diagnose 
9    or correct a problem does not require the vendor to engage 
10    in any activities prohibited by this Section; and
11        (11) agree that any dispute arising out of, or 
12    otherwise connected to, student data shall be litigated 
13    using Illinois law and that the proper venue is the circuit 
14    court of the county in which the school board is located.
15    (e) Any vendor who seeks to receive from a school board or 
16the State Board in any manner any student data is required to 
17enter into a written contract with the school board before any 
18records can be transferred, which contract shall contain the 
19following:
20        (1) provisions consistent with each requirement set 
21    forth in subsections (c) and (d) of this Section;
22        (2) a listing of the precise student data to be 
23    provided to the vendor;
24        (3) a statement of the product or service being 
25    provided to the school board by the vendor;
26        (4) a statement that the vendor is a school official 
 
 
09900HB1536ham001- 11 -LRB099 08777 NHT 33065 a

1    with a legitimate educational interest, performing an 
2    institutional service or function for which the school 
3    board would otherwise use employees, under the direct 
4    control of the school board with respect to the use and 
5    maintenance of student data, and is using such student data 
6    only for an authorized purpose and will not re-disclose it 
7    to third parties or affiliates without permission from the 
8    school board or pursuant to court order;
9        (5) a statement that the student data continues to be 
10    the property of and under the control of the school board, 
11    and the vendor has a limited, nonexclusive license solely 
12    for the purpose of performing its obligations under the 
13    contract;
14        (6) a description of the actions the vendor will take 
15    to ensure the security and confidentiality of student data;  
16    compliance with this requirement shall not, in itself, 
17    absolve the vendor of liability in the event of an 
18    unauthorized disclosure of student data; and
19        (7) a statement that the contract is the entire 
20    agreement between the school board (including school board 
21    employees and other end users) and the vendor.
22    (f) Each school board shall adopt a policy regarding which 
23school employees have the power to bind the school board to the 
24terms of any agreements, whether electronic, click-through, 
25click-wrap, verbal, or in writing.  If a vendor enters into an 
26agreement with an employee or other end users who are not 
 
 
09900HB1536ham001- 12 -LRB099 08777 NHT 33065 a

1authorized through the school board's policy to enter into such 
2an agreement, then the agreement shall be voidable by the 
3school board.
4    (g) Each school board entering into a contract or agreement 
5as allowed by this Section shall maintain an original copy of 
6its term and conditions at the school board's primary place of 
7business, including a copy of the terms and conditions set 
8forth in any agreement described in subsection (f) of this 
9Section.
10    (h) The State Board shall create, publish, and make 
11publicly available all data elements collected by the State 
12Board that contain personally identifiable information.
13    (i) In the event of a security breach resulting, in whole 
14or in part, from the vendor's conduct, in addition to any other 
15remedies available to the school board under law or equity, the 
16vendor shall reimburse the school board in full for all costs 
17and expenses incurred by the school board in investigating and 
18remediating the breach, including, but not limited to:
19        (1) providing notification to those students and their 
20    parents, in the event the student is under the age of 18, 
21    whose personally identifiable information was compromised 
22    and to regulatory agencies or other entities as required by 
23    law or contract;
24        (2) providing one year's credit monitoring to those 
25    students and eligible students whose student data was 
26    exposed in such a manner during the breach that a 
 
 
09900HB1536ham001- 13 -LRB099 08777 NHT 33065 a

1    reasonable person would have cause to believe that it could 
2    impact his or her credit or financial security; and
3        (3) payment of legal fees, audit costs, fines, and 
4    other fees or damages imposed against the school board as a 
5    result of the security breach.
6    (j) The State Board shall develop, publish, and make 
7publicly available model student data privacy policies and 
8procedures that comply with relevant state and federal law.
9    (k) Within 180 days after the effective date of this 
10amendatory Act of the 99th General Assembly, the State Board 
11shall create a model notice that school boards may use to 
12provide notice to parents that states, in general terms, what 
13types of student data are collected by the school board and 
14shared with vendors under this Section and the purposes of 
15collecting and using the student data.  Upon the creation of the 
16notice described in this subsection (k), a school board shall, 
17at the beginning of each school year, provide such notice in 
18writing or electronically to parents and eligible students.
19    (l) In addition to any other penalties, any contract 
20governed by this Section that fails to comply with the 
21requirements of this Section shall be rendered void if, upon 
22notice and a reasonable opportunity to cure, the noncompliant 
23party fails to cure any defect. Written notice of noncompliance 
24may be provided by either party to the contract. Any vendor 
25subject to a contract voided under this subdivision is 
26required, within 60 days, to return all student data and any 
 
 
09900HB1536ham001- 14 -LRB099 08777 NHT 33065 a

1information or records generated therefrom in its possession to 
2the school board.  Any vendor that fails to cure any defect in 
3the contract shall not be entitled to any payment required 
4under the contract and shall return to the school board all 
5payments previously made by the school board.
 
6    (105 ILCS 5/22-81 new)
7    Sec. 22-81. Educator data privacy.
8    (a) It is the intent of the General Assembly to help ensure 
9that information generated by and about educators in the course 
10of, and in connection with, the performance of their duties is 
11safeguarded and that educator privacy is honored, respected and 
12protected.  The General Assembly finds the following:
13        (1) Information generated by and about educators in the 
14    course of, and in connection with, the performance of their 
15    duties is a vital resource for school boards, the State 
16    Board and research organizations in planning education 
17    programs and services, completing reports for educational 
18    agencies, and improving the performance of schools.
19        (2) Information generated by and about educators in the 
20    course of, and in connection with, the performance of their 
21    duties is critical to the performance and improvement of 
22    schools.
23        (3) While information generated by and about educators 
24    in the course of, and in connection with the, performance 
25    of their duties is important for educational purposes, it 
 
 
09900HB1536ham001- 15 -LRB099 08777 NHT 33065 a

1    is also critically important to ensure that the information 
2    is protected, safeguarded and kept private and used only by 
3    appropriate educational authorities or their permitted 
4    designees.
5    To that end, this Section will help ensure that information 
6generated by and about educators in the course of, and in 
7connection with, the performance of their duties is protected 
8and expectations of privacy are honored.
9    (b) In this Section:
10    "Biometric record" shall have the meaning set forth in the 
11Illinois School Student Records Act.
12    "Educator" means any person employed by or otherwise 
13working for a school board to provide educational services 
14within a school.
15    "Educator data" means educator records or any other records 
16containing personally identifiable information of an educator.
17    "Educator record" means any writing or other recorded 
18information concerning an educator by which an educator may be 
19individually or personally identified maintained by a school or 
20at its direction or by an employee of a school, regardless of 
21how or where the information is stored.
22    "Personally identifiable information" means:
23        (1) the educator's name;
24        (2) the names of the educator's immediate family 
25    members;
26        (3) the address of the educator or educator's immediate 
 
 
09900HB1536ham001- 16 -LRB099 08777 NHT 33065 a

1    family members;
2        (4) a personal identifier, such as the educator's 
3    social security number, student number, or biometric 
4    record;
5        (5) other indirect identifiers, such as the educator's 
6    date of birth, place of birth, and mother's maiden name;
7        (6) other information that, alone or in combination, is 
8    linked or linkable to a specific educator that would allow 
9    a reasonable person in the school community, who does not 
10    have personal knowledge of the relevant circumstances, to 
11    identify the educator with reasonable certainty; or
12        (7) information requested by a person who the 
13    educational agency or institution reasonably believes 
14    knows the identity of the educator to whom the record 
15    relates.
16    "Record" means any information recorded or generated in any 
17way, including, but not limited to, electronically-generated 
18data, handwriting, print, computer media, video or audio tape, 
19film, microfilm, and microfiche.
20    "School" shall have the meaning set forth in the Illinois 
21School Student Records Act.
22    "School board" shall have the meaning set forth in the 
23Illinois School Student Records Act.
24    "State Board" shall have the meaning set forth in the 
25Illinois School Student Records Act.
26    "Targeted advertising" means any form of advertising aimed 
 
 
09900HB1536ham001- 17 -LRB099 08777 NHT 33065 a

1directly at a specific individual or group of individuals based 
2on a known or assumed trait, or traits, including, but not 
3limited to, age, gender, race, address, observed behavior, or 
4classroom performance.
5    "Vendor" means any entity and its officers, employees, 
6agents, independent contractors,  and subcontractors that 
7provides or offers to provide a product or service to a school 
8board, which product or service is marketed or designed for 
9school purposes or which the entity knows or reasonably should 
10know will be used for school purposes.
11    (c) Any vendor who receives any educator data from a school 
12board or the State Board in any manner is prohibited from:
13        (1) advertising or marketing, including targeted 
14    advertising, based on:
15            (A) any information, including personally 
16        identifiable information, contained in the educator 
17        records;
18            (B) any information generated by or about 
19        educators in connection with their use of the vendor's 
20        product or service; or
21            (C) any records created by the vendor as a result 
22        of educators' use of the vendor's product or service;
23        (2) creating, generating, or otherwise amassing a 
24    profile about any educator for any purpose other than to 
25    provide the school board with information about educator 
26    performance or achievement;
 
 
09900HB1536ham001- 18 -LRB099 08777 NHT 33065 a

1        (3) selling or otherwise disclosing the following to 
2    anyone other than the school board,  unless such sale or 
3    disclosure is required by court order or is expressly 
4    authorized by this Section:
5            (A) any information, including personally 
6        identifiable information, contained in the educator 
7        records;
8            (B) any information generated by or about 
9        educators in connection with their use of the vendor's 
10        product or service; or
11            (C) any records created by the vendor as a result 
12        of educators' use of the vendor's product or service;
13    
14        (4) exercising or claiming any rights, implied or 
15    otherwise, to:
16            (A) any information, including personally 
17        identifiable information, contained in the educator 
18        records;
19            (B) any information generated by or about 
20        educators in connection with their use of the vendor's 
21        product or service; or
22            (C) any records created by the vendor as a result 
23        of educators' use of the vendor's product or service;
24        (5) storing or processing outside the United States:
25            (A) any information, including personally 
26        identifiable information, contained in the educator 
 
 
09900HB1536ham001- 19 -LRB099 08777 NHT 33065 a

1        records;
2            (B) any information generated by or about 
3        educators in connection with their use of the vendor's 
4        product or service; or
5            (C) any records created by the vendor as a result 
6        of educators' use of the vendor's product or service;
7        (6) transferring the following to any third-party 
8    (including subcontractors), affiliate, or government 
9    agency other than the State Board, unless required by court 
10    order or expressly authorized by the school board in 
11    compliance with this Section:
12            (A) any information, including personally 
13        identifiable information, contained in the educator 
14        records;
15            (B) any information generated by or about 
16        educators in connection with their use of the vendor's 
17        product or service; or
18            (C) any records created by the vendor as a result 
19        of educators' use of the vendor's product or service;
20        (7) permitting access by anyone to the following, 
21    unless such access is required for the vendor to provide 
22    its product or service to the school board:
23            (A) any information, including personally 
24        identifiable information, contained in the educator 
25        records;
26            (B) any information generated by or about 
 
 
09900HB1536ham001- 20 -LRB099 08777 NHT 33065 a

1        educators in connection with their use of the vendor's 
2        product or service; or
3            (C) any records created by the vendor as a result 
4        of educators' use of the vendor's product or service;
5        (8) requiring a school board or its employees, agents, 
6    volunteers, or educators to indemnify a vendor or pay the 
7    vendor's attorneys' fees or costs in connection with any 
8    dispute arising out of, or otherwise connected to, educator 
9    data;
10        (9) requiring a school board or its employees, agents, 
11    volunteers, or educators to arbitrate any dispute arising 
12    out of, or otherwise connected to, educator data;
13        (10) entering into any contract or other agreement with 
14    a school board that authorizes in any manner activities 
15    prohibited by this Section; and
16        (11) modifying or otherwise altering the terms and 
17    conditions of any contract or other agreement with a school 
18    board related to educator data without the express consent 
19    of the school board.
20    (d) Any vendor who receives any educator data from a school 
21board or the State Board in any manner shall:
22        (1) store and process such records and information in 
23    accordance with commercial best practices, which shall 
24    include, but not be limited to, data-security practices set 
25    forth by the United States Department of Education Privacy 
26    Technical Assistance Center and any rules adopted by the 
 
 
09900HB1536ham001- 21 -LRB099 08777 NHT 33065 a

1    State Board;
2        (2) implement and maintain appropriate administrative, 
3    physical, and technical safeguards, to secure such records 
4    and information from unauthorized access, destruction, 
5    use, modification, or disclosure, which safeguards shall 
6    be consistent with any rules adopted by the State Board and 
7    any guidance provided by the United States Department of 
8    Education Privacy and Technical Assistance Center;
9        (3) immediately notify the school board of any security 
10    breach resulting in unauthorized access to any educator 
11    data, regardless of whether it is the school board's 
12    educator data;
13        (4) delete the personally identifiable information of 
14    a specific educator:
15            (A) at the request of the educator's school or 
16        school board; or
17            (B) at the request of an educator, provided the 
18        school board consents to the request;
19        (5) designate an officer or employee as a responsible 
20    person who shall be trained in a manner so as to ensure 
21    compliance with this Section and ensure the security and 
22    confidentiality of student data;
23        (6) within 30 days of the completion or termination of 
24    the terms of any contract with a school board related to 
25    educator data, delete or return to the school board all 
26    educator data and information and records generated 
 
 
09900HB1536ham001- 22 -LRB099 08777 NHT 33065 a

1    therefrom and, in the event of deletion, provide a written 
2    certification that such deletion has occurred.  In the event 
3    the vendor chooses to delete the data, records, and 
4    information described in this subdivision (6), it shall 
5    provide the school board with a written certification that 
6    the data, records, and information have been deleted, which 
7    certification shall be provided to the school board within 
8    30 days of the termination of the contract;
9        (7) permit educators to access and correct any 
10    information contained in the educator records provided to 
11    the vendor by the school board;
12        (8) permit a school board to audit and inspect the 
13    vendor's practices with respect to any educator data 
14    received by the vendor from the school board or any 
15    information or records generated therefrom;
16        (9) permit the school board access to any educator data 
17    provided by the school board and any information and 
18    records generated therefrom in order for the school board 
19    to respond to a request under the Freedom of Information 
20    Act or pursuant to a court order;
21        (10) be permitted to diagnose and correct problems with 
22    the vendor's product or service, provided that to diagnose 
23    or correct a problem does not require the vendor to engage 
24    in any activities prohibited by this Section; and
25        (11) agree that any dispute arising out of, or 
26    otherwise connected to, student data shall be litigated 
 
 
09900HB1536ham001- 23 -LRB099 08777 NHT 33065 a

1    using Illinois law and that the proper venue is the circuit 
2    court of the county in which the school board is located.
3    (e) Any vendor who seeks to receive from a school board or 
4the State Board in any manner any educator data is required to 
5enter into a written contract with the school board before any 
6records can be transferred, which contract shall contain the 
7following:
8        (1) provisions consistent with each requirement set 
9    forth in subsections (c) and (d) of this Section;
10        (2) a listing of the precise educator data to be 
11    provided to the vendor;
12        (3) a statement of the product or service being 
13    provided to the school board by the vendor;
14        (4) a statement that the vendor is a school official 
15    with a legitimate educational interest, performing an 
16    institutional service or function for which the school 
17    board would otherwise use employees, under the direct 
18    control of the school board with respect to the use and 
19    maintenance of educator data, and is using such educator 
20    data only for an authorized purpose and will not 
21    re-disclose it to third parties or affiliates without 
22    permission from the school board or pursuant to court 
23    order;
24        (5) a statement that the educator data continues to be 
25    the property of and under the control of the school board, 
26    and the vendor has a limited, nonexclusive license solely 
 
 
09900HB1536ham001- 24 -LRB099 08777 NHT 33065 a

1    for the purpose of performing its obligations under the 
2    contract;
3        (6) a description of the actions the vendor will take, 
4    including the designation and training of responsible 
5    employees, to ensure the security and confidentiality of 
6    educator data;  compliance with this requirement shall not, 
7    in itself, absolve the vendor of liability in the event of 
8    an unauthorized disclosure of educator data; and
9        (7) a statement that the contract is the entire 
10    agreement between the school board (including school board 
11    employees and other end users) and the vendor.
12    (f) Each school board shall adopt a policy regarding which 
13school employees have the power to bind the school board to the 
14terms of any agreements, whether electronic, click-through, 
15click-wrap, verbal, or in writing.  If a vendor enters into an 
16agreement with an employee or other end users who are not 
17authorized through the school board's policy to enter into such 
18an agreement, then the agreement shall be voidable by the 
19school board.
20    (g) Each school board entering into a contract or agreement 
21as allowed by this Section shall maintain an original copy of 
22its term and conditions at the school board's primary place of 
23business, including a copy of the terms and conditions set 
24forth in any agreement described in subsection (f) of this 
25Section.
26    (h) In the event of a security breach resulting, in whole 
 
 
09900HB1536ham001- 25 -LRB099 08777 NHT 33065 a

1or in part, from the vendor's conduct, in addition to any other 
2remedies available to the school board under law or equity, the 
3vendor shall reimburse the school board in full for all costs 
4and expenses incurred by the school board in investigating and 
5remediating the breach, including, but not limited to:
6        (1) providing notification to the educators whose 
7    personally identifiable information was compromised and to 
8    regulatory agencies or other entities as required by law or 
9    contract;
10        (2) providing one year's credit monitoring to those 
11    educators whose educator data was exposed in such a manner 
12    during the breach that a reasonable person would have cause 
13    to believe that it could impact his or her credit or 
14    financial security; and
15        (3) payment of legal fees, audit costs, fines, and 
16    other fees or damages imposed against the school board as a 
17    result of the security breach.
18    (i) The State Board shall develop, publish, and make 
19publicly available model educator data privacy policies and 
20procedures that comply with relevant state and federal law.
21    (j) In addition to any other penalties, any contract 
22governed by this Section that fails to comply with the 
23requirements of this Section shall be rendered void if, upon 
24notice and a reasonable opportunity to cure, the noncompliant 
25party fails to cure any defect. Written notice of noncompliance 
26may be provided by either party to the contract. Any vendor 
 
 
09900HB1536ham001- 26 -LRB099 08777 NHT 33065 a

1subject to a contract voided under this subdivision is 
2required, within 60 days, to return all student data and any 
3information or records generated therefrom in its possession to 
4the school board.  Any vendor that fails to cure any defect in 
5the contract shall not be entitled to any payment required 
6under the contract and shall return to the school board all 
7payments previously made by the school board.
 
8    Section 10. The Illinois School Student Records Act is 
9amended  by changing Sections 2, 6, and 9 as follows:
 



10    (105 ILCS 10/2)  (from Ch. 122, par. 50-2)



11    Sec. 2. 
In this Act: 
12    "Biometric record" means a record of one or more measurable 
13biological or behavioral characteristics that can be used for 
14automated recognition of an individual.  Examples include 
15fingerprints, retina and iris patterns voiceprints, DNA 
16sequence, facial characteristics, and handwriting.
17    "Eligible student" means a student who has reached 18 years 
18of age.
19    "Parent" means a person who is the natural parent of the 
20student or other person who has the primary responsibility for 
21the care and upbringing of the student.  All rights and 
22privileges accorded to a parent under this Act shall become 
23exclusively those of the student upon the student's 18th 
24birthday, graduation from secondary school, marriage, or entry 
 
 
09900HB1536ham001- 27 -LRB099 08777 NHT 33065 a

1into military service, whichever occurs first.  Such rights and 
2privileges may also be exercised by the student at any time 
3with respect to the student's permanent school record.
4    "Personally identifiable information" means:
5        (1) the student's name;
6        (2) the name of the student's parent or other family 
7    members;
8        (3) the address of the student or student's family;
9        (4) a personal identifier, such as the student's social 
10    security number, student number, or biometric record;
11        (5) other indirect identifiers, such as the student's 
12    date of birth, place of birth, and mother's maiden name;
13        (6) other information that, alone or in combination, is 
14    linked or linkable to a specific student that would allow a 
15    reasonable person in the school community, who does not 
16    have personal knowledge of the relevant circumstances, to 
17    identify the student with reasonable certainty; or
18        (7) information requested by a person who the 
19    educational agency or institution reasonably believes 
20    knows the identity of the student to whom the education 
21    record relates.
22    "Record" means any information recorded or generated in any 
23way, including, but not limited to, electronically-generated 
24data, handwriting, print, computer media, video or audio tape, 
25film, microfilm, and microfiche.
26    "School" means any public preschool, day care center, 
 
 
09900HB1536ham001- 28 -LRB099 08777 NHT 33065 a

1kindergarten, nursery, elementary or secondary educational 
2institution, vocational school, special education facility or 
3any other elementary or secondary educational agency or 
4institution and any person, agency or institution which 
5maintains school student records from more than one school, but 
6does not include a private or non-public school.
7    "School board" means any school board, board of directors, 
8or any other governing body established under the School Code.
9    "School student record" means any writing or other recorded 
10information concerning a student by which a student may be 
11individually or personally identified that is maintained by a 
12school or at its direction or by an employee of a school, 
13regardless of how or where the information is stored.  The 
14following shall not be deemed school student records under this 
15Act:  writings or other recorded information maintained by an 
16employee of a school or other person at the direction of a 
17school for his or her exclusive use; provided that all such 
18writings and other recorded information are destroyed not later 
19than the student's graduation or permanent withdrawal from the 
20school; and provided further that no such records or recorded 
21information may be released or disclosed to any person except a 
22person designated by the school as a substitute unless they are 
23first incorporated in a school student record and made subject 
24to all of the provisions of this Act.  School student records 
25shall not include information maintained by law enforcement 
26professionals working in the school.
 
 
09900HB1536ham001- 29 -LRB099 08777 NHT 33065 a

1    "State Board" means the State Board of Education.
2    "Student" means any person enrolled or previously enrolled 
3in a school.
4    "Student permanent record" means the minimum personal 
5information necessary to a school in the education of the 
6student and contained in a school student record.  Such 
7information may include the student's name, birth date, 
8address, grades and grade level, parents' names and addresses, 
9attendance records, and such other entries as the State Board 
10may require or authorize.
11    "Student temporary record" means all information contained 
12in a school student record but not contained in the student 
13permanent record.  Such information may include family 
14background information, intelligence test scores, aptitude 
15test scores, psychological and personality test results, 
16teacher evaluations, and other information of clear relevance 
17to the education of the student, all subject to rules of the 
18State Board.  The information shall include information 
19provided under Section 8.6 of the Abused and Neglected Child 
20Reporting Act.  In addition, the student temporary record shall 
21include information regarding disciplinary infractions 
22involving drugs, weapons, or bodily harm to another that 
23resulted in expulsion, suspension, or the imposition of 
24punishment or sanction. 
25As used in this Act,

26    (a) "Student" means any person enrolled or previously 
 
 
09900HB1536ham001- 30 -LRB099 08777 NHT 33065 a

1enrolled in a school.

2    (b) "School" means any public preschool, day care center,

3kindergarten, nursery, elementary or secondary educational 
4institution,
vocational school, special educational facility 
5or any other elementary or
secondary educational agency or 
6institution and any person, agency or
institution which 
7maintains school student records from more than one school,
but 
8does not include a private or non-public school.

9    (c) "State Board" means the State Board of Education.

10    (d) "School Student Record" means any writing or
other 
11recorded information concerning a student
and by which a 
12student may be individually identified,
maintained by a school 
13or at its direction or by an employee of a
school, regardless 
14of how or where the information is stored.
The following shall 
15not be deemed school student records under
this Act: writings 
16or other recorded information maintained by an
employee of a 
17school or other person at the direction of a school for his or

18her exclusive use; provided that all such writings and other 
19recorded
information are destroyed not later than the student's 
20graduation or permanent
withdrawal from the school; and 
21provided further that no such records or
recorded information 
22may be released or disclosed to any person except a person

23designated by the school as
a substitute unless they are first 
24incorporated
in a school student record and made subject to all 
25of the
provisions of this Act.
School student records shall not 
26include information maintained by
law enforcement 
 
 
09900HB1536ham001- 31 -LRB099 08777 NHT 33065 a

1professionals working in the school.

2    (e) "Student Permanent Record" means the minimum personal

3information necessary to a school in the education of the 
4student
and contained in a school student record.  Such 
5information
may include the student's name, birth date, 
6address, grades
and grade level, parents' names and addresses, 
7attendance
records, and such other entries as the State Board 
8may
require or authorize.

9    (f) "Student Temporary Record" means all information 
10contained in
a school student record but not contained in
the 
11student permanent record.  Such information may include
family 
12background information, intelligence test scores, aptitude

13test scores, psychological and personality test results, 
14teacher
evaluations, and other information of clear relevance 
15to the
education of the student, all subject to regulations of 
16the State Board.
The information shall include information 
17provided under Section 8.6 of the
Abused and Neglected Child 
18Reporting Act.
In addition, the student temporary record shall 
19include information regarding
serious disciplinary infractions 
20that resulted in expulsion, suspension, or the
imposition of 
21punishment or sanction.  For purposes of this provision, serious

22disciplinary infractions means: infractions involving drugs, 
23weapons, or bodily
harm to another.

24    (g) "Parent" means a person who is the natural parent of 
25the
student or other person who has the primary responsibility 
26for the
care and upbringing of the student.  All rights and 
 
 
09900HB1536ham001- 32 -LRB099 08777 NHT 33065 a

1privileges accorded
to a parent under this Act shall become 
2exclusively those of the student
upon his 18th birthday, 
3graduation from secondary school, marriage
or entry into 
4military service, whichever occurs first.  Such
rights and 
5privileges may also be exercised by the student
at any time 
6with respect to the student's permanent school record.

7(Source: P.A. 92-295, eff. 1-1-02.)

 



8    (105 ILCS 10/6)  (from Ch. 122, par. 50-6)



9    Sec. 6. (a)  No school student records or information

10contained therein may be released, transferred, disclosed or 
11otherwise
disseminated, except as follows:

12        (1) to To a parent or student or person specifically

13    designated as a representative by a parent, as provided in 
14    paragraph (a)
of Section 5;

15        (2) to To an employee or official of the school or

16    school district or State Board with current demonstrable 
17    educational
or administrative interest in the student, in 
18    furtherance of such interest;

19        (3) to To the official records custodian of another 
20    school within
Illinois or an official with similar 
21    responsibilities of a school
outside Illinois, in which the 
22    student has enrolled, or intends to enroll,
upon the 
23    request of such official or student;

24        (4) to To any person for the purpose of research,

25    statistical reporting, or planning, provided that such 
 
 
09900HB1536ham001- 33 -LRB099 08777 NHT 33065 a

1    research, statistical reporting, or planning is 
2    permissible under and undertaken in accordance with the 
3    federal Family Educational Rights and Privacy Act (20 
4    U.S.C. 1232g);

5        (5) pursuant Pursuant to a court order, provided that 
6    the
parent shall be given prompt written notice upon 
7    receipt
of such order of the terms of the order, the nature 
8    and
substance of the information proposed to be released
in 
9    compliance with such order and an opportunity to
inspect 
10    and copy the school student records and to
challenge their 
11    contents pursuant to Section 7;

12        (6) to To any person as specifically required by State

13    or federal law;

14        (6.5) to To juvenile authorities
when necessary for the 
15    discharge of their official duties
who request information 
16    prior to
adjudication of the student and who certify in 
17    writing that the information
will not be disclosed to any 
18    other party except as provided under law or order
of court.  
19    For purposes of this Section "juvenile authorities" means:

20    (i) a judge of
the circuit court and members of the staff 
21    of the court designated by the
judge; (ii) parties to the 
22    proceedings under the Juvenile Court Act of 1987 and
their 
23    attorneys; (iii) probation
officers and court appointed 
24    advocates for the juvenile authorized by the judge
hearing 
25    the case;  (iv) any individual, public or private agency 
26    having custody
of the child pursuant to court order; (v) 
 
 
09900HB1536ham001- 34 -LRB099 08777 NHT 33065 a

1    any individual, public or private
agency providing 
2    education, medical or mental health service to the child 
3    when
the requested information is needed to determine the 
4    appropriate service or
treatment for the minor; (vi) any 
5    potential placement provider when such
release
is 
6    authorized by the court for the limited purpose of 
7    determining the
appropriateness of the potential 
8    placement; (vii) law enforcement officers and
prosecutors;

9    (viii) adult and juvenile prisoner review boards; (ix) 
10    authorized military
personnel; (x)
individuals authorized 
11    by court;

12        (7) subject Subject to regulations of the State Board,

13    in connection with an emergency, to appropriate persons
if 
14    the knowledge of such information is necessary to protect

15    the health or safety of the student or other
persons;

16        (8) to To any person, with the prior specific dated

17    written consent of the parent designating the person
to 
18    whom the records may be released, provided that at
the time 
19    any such consent is requested or obtained,
the parent shall 
20    be advised in writing that he has the right
to inspect and 
21    copy such records in accordance with Section 5, to

22    challenge their contents in accordance with Section 7 and 
23    to limit any such
consent to
designated records or 
24    designated portions of the information contained
therein;

25        (9) to To a governmental agency, or social service 
26    agency contracted by a
governmental agency, in furtherance 
 
 
09900HB1536ham001- 35 -LRB099 08777 NHT 33065 a

1    of an investigation of a student's school
attendance 
2    pursuant to the compulsory student attendance laws of this 
3    State,
provided that the records are released to the 
4    employee or agent designated by
the agency;

5        (10) to To those SHOCAP committee members who fall 
6    within the meaning of
"state and local officials and 
7    authorities", as those terms are used within the
meaning of 
8    the federal Family Educational Rights and Privacy Act, for

9    the
purposes of identifying serious habitual juvenile 
10    offenders and matching those
offenders with community 
11    resources pursuant to Section 5-145 of the Juvenile
Court 
12    Act of 1987, but only to the extent that the release, 
13    transfer,
disclosure, or dissemination is consistent with 
14    the Family Educational Rights
and Privacy Act;

15        (11) to To the Department of Healthcare and Family 
16    Services in furtherance of the
requirements of Section 
17    2-3.131, 3-14.29, 10-28, or 34-18.26 of
the School Code or 
18    Section 10 of the School Breakfast and Lunch
Program Act; 
19    or

20        (12) to To the State Board or another State government 
21    agency or between or among State government agencies in 
22    order to evaluate or audit federal and State programs or 
23    perform research and planning, but only to the extent that 
24    the release, transfer, disclosure, or dissemination is 
25    consistent with the federal Family Educational Rights and 
26    Privacy Act (20 U.S.C. 1232g). 
 
 
09900HB1536ham001- 36 -LRB099 08777 NHT 33065 a

1    (a-5) Pursuant to subparagraph (4) of paragraph (a) of this 
2Section, a school board or the State Board may provide records 
3of a student to researchers at an accredited post-secondary 
4educational institution or an organization conducting research 
5if any such research is conducted in accordance with the 
6federal Family Educational Rights and Privacy Act and does not 
7take place until the following requirements are complied with:
8        (1) Prior to the beginning of each school year, the 
9    school board shall provide notice to parents, guardians or 
10    eligible students regarding planned studies.  For those 
11    school boards that maintain an Internet website, the school 
12    board shall post on its Internet website a current list of 
13    all research studies using records obtained from the school 
14    board without obtaining consent from parents, guardians or 
15    eligible students currently being conducted or scheduled 
16    to be conducted.  In April and December of each year, the 
17    school board shall update the Internet website to include 
18    new research studies that are approved or conducted.  For 
19    those school boards that do not maintain an Internet 
20    website, each school board shall provide parents, 
21    guardians and eligible students with a current list of all 
22    research studies being conducted or scheduled to be 
23    conducted in the same notice described above and shall 
24    provide supplemental notices every April and December 
25    provided new research studies have been approved or are 
26    being conducted.
 
 
09900HB1536ham001- 37 -LRB099 08777 NHT 33065 a

1            (A) The school board shall send the notice 
2        described in this subparagraph (1) by the same means 
3        generally used to send notices to parents, guardians or 
4        eligible students.
5            (B) The notice described in this subparagraph (1) 
6        shall describe generally the purposes of conducting 
7        educational research, contain a short description of 
8        all current and scheduled research studies and set 
9        forth the address of the Internet website containing a 
10        current list of all research studies being conducted 
11        and scheduled to be conducted, which web address shall 
12        also be set forth in the school board's student 
13        handbook.  The notice shall also advise parents, 
14        guardians and eligible students that the State Board 
15        conducts research studies and shall provide the 
16        Internet website address for that part of the State 
17        Board's website that contains a list of the current and 
18        scheduled studies to be conducted.
19            (C) For those school boards that maintain an 
20        Internet website, the webpage that contains the list of 
21        all current and scheduled research studies shall also 
22        set forth, in general terms, the nature of each listed 
23        research study, the categories of students whose 
24        records will be used in each listed research study and 
25        the names of all organizations involved in each listed 
26        research study.  For those school boards that do not 
 
 
09900HB1536ham001- 38 -LRB099 08777 NHT 33065 a

1        maintain an Internet website, the school boards shall 
2        provide the information described in this subdivision 
3        (C) in the notice described in this subparagraph (1).
4        (2) A written data use agreement that complies with the 
5    Family Educational Rights and Privacy Act and its 
6    accompanying regulations and, at a minimum, contains the 
7    provisions set forth below is entered into by and between 
8    the party gaining access to the records of the school board 
9    or State Board and the entity with the legal authority to 
10    permit the use of the data:
11            (A) The accredited post-secondary educational 
12        institution or the organization conducting research 
13        shall abide by all requirements of this subparagraph 
14        (2).
15            (B) A statement of the purpose, scope and duration 
16        of the research study or studies, as well as a 
17        description of the records to be used as part of the 
18        study and the person or persons to whom the records 
19        will be disclosed, provided that the list of persons to 
20        whom the records may be disclosed may be amended from 
21        time to time with the agreement of all parties to the 
22        data use agreement.
23            (C) The accredited post-secondary educational 
24        institution or the organization conducting research 
25        shall use school student records only to meet the 
26        purpose or purposes of the study as set forth in 
 
 
09900HB1536ham001- 39 -LRB099 08777 NHT 33065 a

1        subdivision (B) of this subparagraph (2).
2            (D) The accredited post-secondary educational 
3        institution or the organization conducting research 
4        may only use records containing personally 
5        identifiable information of a student or by which a 
6        student may otherwise be individually or personally 
7        identified for two reasons:  (i) to link data files;  or 
8        (ii) to identify eligible students for research 
9        studies for which written parental, guardian or 
10        eligible student consent will be obtained for 
11        participation and the person or persons to whom such 
12        information will be disclosed is set forth in the data 
13        use agreement.
14            (E) The accredited post-secondary educational 
15        institution or the organization conducting research 
16        shall destroy all records containing personally 
17        identifiable information of a student or that 
18        otherwise individually or personally identifies a 
19        student when the information is no longer needed, but 
20        in no event later than 36 months after the research 
21        study has been completed.
22            (F) The accredited post-secondary educational 
23        institution or the organization conducting research 
24        shall certify in writing that it has the capacity to 
25        and shall restrict access to school student records to 
26        the person or persons set forth in subdivision (B) of 
 
 
09900HB1536ham001- 40 -LRB099 08777 NHT 33065 a

1        this subparagraph (2).
2            (G) The accredited post-secondary educational 
3        institution or the organization conducting research 
4        shall certify in writing that it shall maintain the 
5        security of all records received pursuant to this 
6        paragraph (a-5) in compliance with rules that shall be 
7        adopted by the State Board, which rules shall be 
8        consistent, and regularly updated to comply, with 
9        commonly accepted data-security practices, including, 
10        but not limited to, those set forth by the United 
11        States Department of Education Privacy Technical 
12        Assistance Center.
13            (H) In compliance with the rules adopted pursuant 
14        to subdivision (G) of this subparagraph (2) and any 
15        other rules that may be necessary and adopted by the 
16        State Board, the accredited post-secondary educational 
17        institution or the organization conducting research 
18        shall develop, implement, maintain, and use 
19        appropriate administrative, technical and physical 
20        security measures to preserve the confidentiality and 
21        integrity of all school student records.
22        (3) Accredited post-secondary educational institutions 
23    and organizations conducting research may only use records 
24    containing personally identifiable information or a 
25    student or by which a student may otherwise be personally 
26    or individually identified for two reasons: (i) to link 
 
 
09900HB1536ham001- 41 -LRB099 08777 NHT 33065 a

1    data files or (ii) to identify eligible students for 
2    research studies for which written parental, guardian or 
3    eligible student consent will be obtained for 
4    participation and the person or persons to whom such 
5    information will be disclosed is set forth in the data use 
6    agreement.
7        (4) The accredited post-secondary institution or the 
8    organization conducting research agrees that it shall use 
9    personally identifiable information from school student 
10    records only to meet the purpose or purposes of the 
11    research study or studies as stated in the data use 
12    agreement described in subparagraph (2) of this paragraph 
13    (a-5).
14        (5) Any information by which a student may be 
15    individually or personally identified shall be released, 
16    transferred, disclosed or otherwise disseminated only as 
17    contemplated by the written data use a paragraph (a-5).
18        (6) All school student records shall have personally 
19    identifiable information removed prior to analysis by the 
20    accredited post-secondary educational institution or the 
21    organization conducting research.
22        (7) The accredited post-secondary institution or 
23    organization conducting research shall implement and 
24    adhere to policies and procedures that restrict access to 
25    records which have personally identifiable information.
26            (A) The accredited post-secondary institution or 
 
 
09900HB1536ham001- 42 -LRB099 08777 NHT 33065 a

1        organization conducting research shall designate an 
2        individual to act as the custodian of the records with 
3        personally identifiable information who is responsible 
4        for restricting access to those records and provide the 
5        name of that individual to the entity with the legal 
6        authority to permit the use of the records.
7            (B) Any personally identifiable information used 
8        to link data sets shall be securely stored in a 
9        location separate and apart from the location of the 
10        de-identified school student records, in a secure data 
11        file.
12    Nothing in this subparagraph (a-5) shall prohibit the State 
13Board or any school board from providing personally 
14identifiable information about individual students to an 
15accredited post-secondary educational institution or an 
16organization conducting research pursuant to a specific, 
17written agreement with a school board or State Board and in 
18accordance with the federal Family Educational Rights and 
19Privacy Act, where necessary for the school board or State 
20Board to comply with state or federal statutory mandates. 
21    (b) No information may be released pursuant to subparagraph 
22subparagraphs  (3) or
(6) of paragraph (a) of this Section 6 
23unless the parent receives
prior written notice of the nature 
24and substance of the information
proposed to be released, and 
25an opportunity to inspect
and copy such records in accordance 
26with Section 5 and to
challenge their contents in accordance 
 
 
09900HB1536ham001- 43 -LRB099 08777 NHT 33065 a

1with Section 7.  Provided, however,
that such notice shall be 
2sufficient if published in a local newspaper of
general 
3circulation or other publication directed generally to the 
4parents
involved where the proposed release of information is 
5pursuant to
subparagraph (6) 6 of paragraph (a) of in this 
6Section 6 and relates to more
than 25 students.

7    (c) A record of any release of information pursuant
to this 
8Section must be made and kept as a part of the
school student 
9record and subject to the access granted by Section 5.
Such 
10record of release shall be maintained for the life of the

11school student records and shall be available only to the 
12parent
and the official records custodian.
Each record of 
13release shall also include:

14        (1) the The nature and substance of the information 
15    released;

16        (2) the The name and signature of the official records

17    custodian releasing such information;

18        (3) the The name of the person requesting such 
19    information,
the capacity in which such a request has been 
20    made, and the purpose of such
request;

21        (4) the The date of the release; and

22        (5) a A copy of any consent to such release.

23    (d) Except for the student and his parents, no person
to 
24whom information is released pursuant to this Section
and no 
25person specifically designated as a representative by a parent

26may permit any other person to have access to such information 
 
 
09900HB1536ham001- 44 -LRB099 08777 NHT 33065 a

1without a prior
consent of the parent obtained in accordance 
2with the requirements
of subparagraph (8) of paragraph (a) of 
3this Section.

4    (e) Nothing contained in this Act shall prohibit the

5publication of student directories which list student names, 
6addresses
and other identifying information and similar 
7publications which
comply with regulations issued by the State 
8Board.

9(Source: P.A. 95-331, eff. 8-21-07; 95-793, eff. 1-1-09; 
1096-107, eff. 7-30-09; 96-1000, eff. 7-2-10; revised 11-26-14.)

 



11    (105 ILCS 10/9)  (from Ch. 122, par. 50-9)



12    Sec. 9. 
(a) Any person aggrieved by any violation of
this 
13Act may institute an action for injunctive relief in the 
14Circuit
Court of the County in which the violation has occurred 
15or the Circuit
Court of the County in which the school is 
16located.

17    (b) Any person injured by a wilful or negligent violation 
18of
this Act may institute an action for damages in the Circuit 
19Court of the
County in which the violation has occurred or the 
20Circuit Court of the
County in which the school is located.

21    (c) In the case of any successful action under paragraph 
22(a) or
(b) of this  Section, any person or school found to have 
23wilfully
or negligently violated any provision of this Act is 
24liable to the
plaintiff for the plaintiff's damages, the costs 
25of the action and
reasonable attorneys' fees, as determined by 
 
 
09900HB1536ham001- 45 -LRB099 08777 NHT 33065 a

1the Court.

2    (d) Actions for injunctive relief to secure compliance
with 
3this Act may be brought by the State Board, by the State's

4Attorney of the County in which the alleged violation has 
5occurred or the
State's Attorney of the County in which the 
6school is located, in each
case in the Circuit Court of such 
7County.

8    (e) Wilful failure to comply with any Section of this Act

9is a petty offense; except that any person who wilfully and 
10maliciously
falsifies any school student record, student 
11permanent record or student
temporary record shall be guilty of 
12a Class A misdemeanor.

13    (f) Absent proof of malice, no cause of action or claim for 
14relief,
civil or criminal, may be maintained against any 
15school, or employee or
official of a school or person acting at 
16the direction of a school for
any statement made or judgment 
17expressed in any entry to a school student
record of a type 
18which does not violate this Act or the regulations
issued by 
19the State Board pursuant to this Act; provided that this

20paragraph (f) does not limit or deny any defense available

21under existing law.

22    (g) In addition to any other penalties and remedies 
23provided by this Section 9 of this Act, any accredited 
24post-secondary educational institution or organization 
25conducting research that violates the requirements of 
26subparagraph (a-5) of Section 6 of this Act shall immediately 
 
 
09900HB1536ham001- 46 -LRB099 08777 NHT 33065 a

1cease conducting any research that utilizes school student 
2records and shall be prohibited from conducting additional 
3research studies based on such records and information for a 
4period of 6 months from the date of the discovery of the 
5violation.
6    (h) In addition to any other penalties and remedies 
7provided by this Section 9 of this Act, any school board that 
8violates the requirements of subparagraph (a-5) of Section 6 of 
9this Act shall be prohibited from entering into a data use 
10agreement with any accredited post-secondary educational 
11institution or organization conducting research for a period of 
1212 months from the date of the discovery of the violation, and 
13all existing data use agreements shall be voided. 
14(Source: P.A. 84-712.)

 
15    Section 15. The Children's Privacy Protection and Parental 
16Empowerment Act is amended  by changing Section 5 as follows:
 



17    (325 ILCS 17/5)



18    Sec. 5. Definitions. As used in this Act:

19    "Child" means a person under the age of 18 16. "Child" does 
20not include a minor
emancipated by operation of law.

21    "Parent" means a parent, step-parent, or legal guardian.

22    "Personal information" means any of the following:


23        (1) A person's name.


24        (2) A person's address.


 
 
09900HB1536ham001- 47 -LRB099 08777 NHT 33065 a

1        (3) A person's telephone number.


2        (4) A person's driver's license number or State of 
3    Illinois identification
card as
assigned by the Illinois 
4    Secretary of State or by a similar agency of another
state.


5        (5) A person's social security number.


6        (6) Any other information that can be used to locate or 
7    contact a specific
individual.

8    "Personal information" does not include any of the

9following:


10        (1) Public records as defined by Section 2 of the 
11    Freedom of Information
Act.


12        (2) Court records.


13        (3) Information found in publicly available sources, 
14    including newspapers,
magazines, and telephone 
15    directories.


16        (4) Any other information that is not known to concern 
17    a child.

18(Source: P.A. 93-462, eff. 1-1-04.)".