Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Illinois · Chapter 105 — SCHOOLS · Act 85

Sec. 15. Operator duties.

787 words·~4 min read·/il/chapter-105/act-85/15

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Sec. 15. Operator duties. An operator shall do the following:
(1)Implement and maintain reasonable security procedures and practices that otherwise
meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure.
(2)Delete, within a reasonable time period, a student's covered information if the
school or school district requests deletion of covered information under the control of the school or school district, unless a student or his or her parent consents to the maintenance of the covered information.
(3)Publicly disclose material information about its collection, use, and disclosure of
covered information, including, but not limited to, publishing a terms of service agreement, privacy policy, or similar document.
(4)Except for a nonpublic school, for any operator who seeks to receive from a school,
school district, or the State Board in any manner any covered information, enter into a written agreement with the school, school district, or State Board before the covered information may be transferred. The written agreement may be created in electronic form and signed with an electronic or digital signature or may be a click wrap agreement that is used with software licenses, downloaded or online applications and transactions for educational technologies, or other technologies in which a user must agree to terms and conditions before using the product or service. Any written agreement entered into, amended, or renewed must contain all of the following:
(A)A listing of the categories or types of covered information to be provided to
the operator.
(B)A statement of the product or service being provided to the school by the
operator.
(C)A statement that, pursuant to the federal Family Educational Rights and Privacy
Act of 1974, the operator is acting as a school official with a legitimate educational interest, is performing an institutional service or function for which the school would otherwise use employees, under the direct control of the school, with respect to the use and maintenance of covered information, and is using the covered information only for an authorized purpose and may not re-disclose it to third parties or affiliates, unless otherwise permitted under this Act, without permission from the school or pursuant to court order.
(D)A description of how, if a breach is attributed to the operator, any costs and
expenses incurred by the school in investigating and remediating the breach will be allocated between the operator and the school. The costs and expenses may include, but are not limited to:
(i)providing notification to the parents of those students whose covered
information was compromised and to regulatory agencies or other entities as required by law or contract;
(ii)providing credit monitoring to those students whose covered information was
exposed in a manner during the breach that a reasonable person would believe that it could impact his or her credit or financial security;
(iii)legal fees, audit costs, fines, and any other fees or damages imposed
against the school as a result of the security breach; and
(iv)providing any other notifications or fulfilling any other requirements
adopted by the State Board or of any other State or federal laws.
(E)A statement that the operator must delete or transfer to the school all covered
information if the information is no longer needed for the purposes of the written agreement and to specify the time period in which the information must be deleted or transferred once the operator is made aware that the information is no longer needed for the purposes of the written agreement.
(F)If the school maintains a website, a statement that the school must publish the
written agreement on the school's website. If the school does not maintain a website, a statement that the school must make the written agreement available for inspection by the general public at its administrative office. If mutually agreed upon by the school and the operator, provisions of the written agreement, other than those under subparagraphs (A), (B), and (C), may be redacted in the copy of the written agreement published on the school's website or made available at its administrative office.
(5)In case of any breach, within the most expedient time possible and without
unreasonable delay, but no later than 30 calendar days after the determination that a breach has occurred, notify the school of any breach of the students' covered information.
(6)Except for a nonpublic school, provide to the school a list of any third parties or
affiliates to whom the operator is currently disclosing covered information or has disclosed covered information. This list must, at a minimum, be updated and provided to the school by the beginning of each State fiscal year and at the beginning of each calendar year.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.