Sen. Omar Aquino

Filed: 5/17/2019

 

 


 

 


 
10100HB3606sam003LRB101 09053 AXK 60836 a

1
AMENDMENT TO HOUSE BILL 3606

2    AMENDMENT NO. ______. Amend House Bill 3606, AS AMENDED, by
3replacing everything after the enacting clause with the
4following:
 
5    "Section 5. The Student Online Personal Protection Act is
6amended by changing Sections 5, 10, 15, and 30 and by adding
7Sections 26, 27, 28, and 33 as follows:
 
8    (105 ILCS 85/5)
9    Sec. 5. Definitions. In this Act:
10    "Breach" means the unauthorized acquisition of
11computerized data that compromises the security,
12confidentiality, or integrity of covered information
13maintained by an operator or school. "Breach" does not include
14the good faith acquisition of personal information by an
15employee or agent of an operator or school for a legitimate
16purpose of the operator or school if the covered information is

 

 

10100HB3606sam003- 2 -LRB101 09053 AXK 60836 a

1not used for a purpose prohibited by this Act or subject to
2further unauthorized disclosure.
3    "Covered information" means personally identifiable
4information or material or information that is linked to
5personally identifiable information or material in any media or
6format that is not publicly available and is any of the
7following:
8        (1) Created by or provided to an operator by a student
9    or the student's parent or legal guardian in the course of
10    the student's or , parent's, or legal guardian's use of the
11    operator's site, service, or application for K through 12
12    school purposes.
13        (2) Created by or provided to an operator by an
14    employee or agent of a school or school district for K
15    through 12 school purposes.
16        (3) Gathered by an operator through the operation of
17    its site, service, or application for K through 12 school
18    purposes and personally identifies a student, including,
19    but not limited to, information in the student's
20    educational record or electronic mail, first and last name,
21    home address, telephone number, electronic mail address,
22    or other information that allows physical or online
23    contact, discipline records, test results, special
24    education data, juvenile dependency records, grades,
25    evaluations, criminal records, medical records, health
26    records, a social security number, biometric information,

 

 

10100HB3606sam003- 3 -LRB101 09053 AXK 60836 a

1    disabilities, socioeconomic information, food purchases,
2    political affiliations, religious information, text
3    messages, documents, student identifiers, search activity,
4    photos, voice recordings, or geolocation information.
5    "Interactive computer service" has the meaning ascribed to
6that term in Section 230 of the federal Communications Decency
7Act of 1996 (47 U.S.C. 230).
8    "K through 12 school purposes" means purposes that are
9directed by or that customarily take place at the direction of
10a school, teacher, or school district; aid in the
11administration of school activities, including, but not
12limited to, instruction in the classroom or at home,
13administrative activities, and collaboration between students,
14school personnel, or parents; or are otherwise for the use and
15benefit of the school.
16    "Longitudinal data system" has the meaning given to that
17term under the P-20 Longitudinal Education Data System Act.
18    "Operator" means, to the extent that an entity is operating
19in this capacity, the operator of an Internet website, online
20service, online application, or mobile application with actual
21knowledge that the site, service, or application is used
22primarily for K through 12 school purposes and was designed and
23marketed for K through 12 school purposes.
24    "Parent" has the meaning given to that term under the
25Illinois School Student Records Act.
26    "School" means (1) any preschool, public kindergarten,

 

 

10100HB3606sam003- 4 -LRB101 09053 AXK 60836 a

1elementary or secondary educational institution, vocational
2school, special educational facility, or any other elementary
3or secondary educational agency or institution or (2) any
4person, agency, or institution that maintains school student
5records from more than one school. Except as otherwise provided
6in this Act, "school" "School" includes a private or nonpublic
7school.
8    "State Board" means the State Board of Education.
9    "Student" has the meaning given to that term under the
10Illinois School Student Records Act.
11    "Targeted advertising" means presenting advertisements to
12a student where the advertisement is selected based on
13information obtained or inferred over time from that student's
14online behavior, usage of applications, or covered
15information. The term does not include advertising to a student
16at an online location based upon that student's current visit
17to that location or in response to that student's request for
18information or feedback, without the retention of that
19student's online activities or requests over time for the
20purpose of targeting subsequent ads.
21(Source: P.A. 100-315, eff. 8-24-17.)
 
22    (105 ILCS 85/10)
23    Sec. 10. Operator prohibitions. An operator shall not
24knowingly do any of the following:
25        (1) Engage in targeted advertising on the operator's

 

 

10100HB3606sam003- 5 -LRB101 09053 AXK 60836 a

1    site, service, or application or target advertising on any
2    other site, service, or application if the targeting of the
3    advertising is based on any information, including covered
4    information and persistent unique identifiers, that the
5    operator has acquired because of the use of that operator's
6    site, service, or application for K through 12 school
7    purposes.
8        (2) Use information, including persistent unique
9    identifiers, created or gathered by the operator's site,
10    service, or application to amass a profile about a student,
11    except in furtherance of K through 12 school purposes.
12    "Amass a profile" does not include the collection and
13    retention of account information that remains under the
14    control of the student, the student's parent or legal
15    guardian, or the school.
16        (3) Sell or rent a student's information, including
17    covered information. This subdivision (3) does not apply to
18    the purchase, merger, or other type of acquisition of an
19    operator by another entity if the operator or successor
20    entity complies with this Act regarding previously
21    acquired student information.
22        (4) Except as otherwise provided in Section 20 of this
23    Act, disclose covered information, unless the disclosure
24    is made for the following purposes:
25            (A) In furtherance of the K through 12 school
26        purposes of the site, service, or application if the

 

 

10100HB3606sam003- 6 -LRB101 09053 AXK 60836 a

1        recipient of the covered information disclosed under
2        this clause (A) does not further disclose the
3        information, unless done to allow or improve
4        operability and functionality of the operator's site,
5        service, or application.
6            (B) To ensure legal and regulatory compliance or
7        take precautions against liability.
8            (C) To respond to the judicial process.
9            (D) To protect the safety or integrity of users of
10        the site or others or the security of the site,
11        service, or application.
12            (E) For a school, educational, or employment
13        purpose requested by the student or the student's
14        parent or legal guardian, provided that the
15        information is not used or further disclosed for any
16        other purpose.
17            (F) To a third party if the operator contractually
18        prohibits the third party from using any covered
19        information for any purpose other than providing the
20        contracted service to or on behalf of the operator,
21        prohibits the third party from disclosing any covered
22        information provided by the operator with subsequent
23        third parties, and requires the third party to
24        implement and maintain reasonable security procedures
25        and practices as required under Section 15.
26    Nothing in this Section prohibits the operator's use of

 

 

10100HB3606sam003- 7 -LRB101 09053 AXK 60836 a

1information for maintaining, developing, supporting,
2improving, or diagnosing the operator's site, service, or
3application.
4(Source: P.A. 100-315, eff. 8-24-17.)
 
5    (105 ILCS 85/15)
6    Sec. 15. Operator duties. An operator shall do the
7following:
8        (1) Implement and maintain reasonable security
9    procedures and practices that otherwise meet or exceed
10    industry standards appropriate to the nature of the covered
11    information and designed to protect that covered
12    information from unauthorized access, destruction, use,
13    modification, or disclosure.
14        (2) Delete, within a reasonable time period, a
15    student's covered information if the school or school
16    district requests deletion of covered information under
17    the control of the school or school district, unless a
18    student or his or her parent or legal guardian consents to
19    the maintenance of the covered information.
20        (3) Publicly disclose material information about its
21    collection, use, and disclosure of covered information,
22    including, but not limited to, publishing a terms of
23    service agreement, privacy policy, or similar document.
24        (4) Except for a nonpublic school, for any operator who
25    seeks to receive from a school, school district, or the

 

 

10100HB3606sam003- 8 -LRB101 09053 AXK 60836 a

1    State Board in any manner any covered information, enter
2    into a written agreement with the school, school district,
3    or State Board before the covered information may be
4    transferred. The written agreement may be created in
5    electronic form and signed with an electronic or digital
6    signature or may be a click wrap agreement that is used
7    with software licenses, downloaded or online applications
8    and transactions for educational technologies, or other
9    technologies in which a user must agree to terms and
10    conditions before using the product or service. Any written
11    agreement entered into, amended, or renewed must contain
12    all of the following:
13            (A) A listing of the categories or types of covered
14        information to be provided to the operator.
15            (B) A statement of the product or service being
16        provided to the school by the operator.
17            (C) A statement that, pursuant to the federal
18        Family Educational Rights and Privacy Act of 1974, the
19        operator is acting as a school official with a
20        legitimate educational interest, is performing an
21        institutional service or function for which the school
22        would otherwise use employees, under the direct
23        control of the school, with respect to the use and
24        maintenance of covered information, and is using the
25        covered information only for an authorized purpose and
26        may not re-disclose it to third parties or affiliates,

 

 

10100HB3606sam003- 9 -LRB101 09053 AXK 60836 a

1        unless otherwise permitted under this Act, without
2        permission from the school or pursuant to court order.
3            (D) A description of how, if a breach is attributed
4        to the operator, any costs and expenses incurred by the
5        school in investigating and remediating the breach
6        will be allocated between the operator and the school.
7        The costs and expenses may include, but are not limited
8        to:
9                (i) providing notification to the parents of
10            those students whose covered information was
11            compromised and to regulatory agencies or other
12            entities as required by law or contract;
13                (ii) providing credit monitoring to those
14            students whose covered information was exposed in
15            a manner during the breach that a reasonable person
16            would believe that it could impact his or her
17            credit or financial security;
18                (iii) legal fees, audit costs, fines, and any
19            other fees or damages imposed against the school as
20            a result of the security breach; and
21                (iv) providing any other notifications or
22            fulfilling any other requirements adopted by the
23            State Board or of any other State or federal laws.
24            (E) A statement that the operator must delete or
25        transfer to the school all covered information if the
26        information is no longer needed for the purposes of the

 

 

10100HB3606sam003- 10 -LRB101 09053 AXK 60836 a

1        written agreement and to specify the time period in
2        which the information must be deleted or transferred
3        once the operator is made aware that the information is
4        no longer needed for the purposes of the written
5        agreement.
6            (F) If the school maintains a website, a statement
7        that the school must publish the written agreement on
8        the school's website. If the school does not maintain a
9        website, a statement that the school must make the
10        written agreement available for inspection by the
11        general public at its administrative office. If
12        mutually agreed upon by the school and the operator,
13        provisions of the written agreement, other than those
14        under subparagraphs (A), (B), and (C), may be redacted
15        in the copy of the written agreement published on the
16        school's website or made available at its
17        administrative office.
18        (5) In case of any breach, within the most expedient
19    time possible and without unreasonable delay, but no later
20    than 30 calendar days after the determination that a breach
21    has occurred, notify the school of any breach of the
22    students' covered information.
23        (6) Except for a nonpublic school, provide to the
24    school a list of any third parties or affiliates to whom
25    the operator is currently disclosing covered information
26    or has disclosed covered information. This list must, at a

 

 

10100HB3606sam003- 11 -LRB101 09053 AXK 60836 a

1    minimum, be updated and provided to the school by the
2    beginning of each State fiscal year and at the beginning of
3    each calendar year.
4(Source: P.A. 100-315, eff. 8-24-17.)
 
5    (105 ILCS 85/26 new)
6    Sec. 26. School prohibitions. A school may not do either of
7the following:
8        (1) Sell, rent, lease, or trade covered information.
9        (2) Share, transfer, disclose, or provide access to a
10    student's covered information to an entity or individual,
11    other than the student's parent, school personnel,
12    appointed or elected school board members or local school
13    council members, or the State Board, without a written
14    agreement, unless the disclosure or transfer is:
15            (A) to the extent permitted by State or federal
16        law, to law enforcement officials to protect the safety
17        of users or others or the security or integrity of the
18        operator's service;
19            (B) required by court order or State or federal
20        law; or
21            (C) to ensure legal or regulatory compliance.
22        This paragraph (2) does not apply to nonpublic schools.
 
23    (105 ILCS 85/27 new)
24    Sec. 27. School duties.

 

 

10100HB3606sam003- 12 -LRB101 09053 AXK 60836 a

1    (a) Each school shall post and maintain on its website or,
2if the school does not maintain a website, make available for
3inspection by the general public at its administrative office
4all of the following information:
5        (1) An explanation, that is clear and understandable by
6    a layperson, of the data elements of covered information
7    that the school collects, maintains, or discloses to any
8    person, entity, third party, or governmental agency. The
9    information must explain how the school uses, to whom or
10    what entities it discloses, and for what purpose it
11    discloses the covered information.
12        (2) A list of operators that the school has written
13    agreements with, a copy of each written agreement, and a
14    business address for each operator. A copy of a written
15    agreement posted or made available by a school under this
16    paragraph may contain redactions, as provided under
17    subparagraph (F) of paragraph (4) of Section 15.
18        (3) For each operator, a list of any subcontractors to
19    whom covered information may be disclosed or a link to a
20    page on the operator's website that clearly lists that
21    information, as provided by the operator to the school
22    under paragraph (6) of Section 15.
23        (4) A written description of the procedures that a
24    parent may use to carry out the rights enumerated under
25    Section 33.
26        (5) A list of any breaches of covered information

 

 

10100HB3606sam003- 13 -LRB101 09053 AXK 60836 a

1    maintained by the school or breaches under Section 15 that
2    includes, but is not limited to, all of the following
3    information:
4            (A) The number of students whose covered
5        information is involved in the breach, unless
6        disclosing that number would violate the provisions of
7        the Personal Information Protection Act.
8            (B) The date, estimated date, or estimated date
9        range of the breach.
10            (C) For a breach under Section 15, the name of the
11        operator.
12        The school may omit from the list required under this
13    paragraph (5) (i) any breach in which, to the best of the
14    school's knowledge at the time of updating the list, the
15    number of students whose covered information is involved in
16    the breach is less than 10% of the school's enrollment,
17    (ii) any breach in which, at the time of posting the list,
18    the school is not required to notify the parent of a
19    student under subsection (d), (iii) any breach in which the
20    date, estimated date, or estimated date range in which it
21    occurred is earlier than July 1, 2021, or (iv) any breach
22    previously posted on a list under this paragraph (5) no
23    more than 5 years prior to the school updating the current
24    list.
25    The school must, at a minimum, update the items under
26paragraphs (1), (3), (4), and (5) no later than 30 calendar

 

 

10100HB3606sam003- 14 -LRB101 09053 AXK 60836 a

1days following the start of a fiscal year and no later than 30
2days following the beginning of a calendar year.
3    (b) Each school must adopt a policy for designating which
4school employees are authorized to enter into written
5agreements with operators. This subsection may not be construed
6to limit individual school employees outside of the scope of
7their employment from entering into agreements with operators
8on their own behalf and for non-K through 12 school purposes,
9provided that no covered information is provided to the
10operators. Any agreement or contract entered into in violation
11of this Act is void and unenforceable as against public policy.
12    (c) A school must post on its website or, if the school
13does not maintain a website, make available at its
14administrative office for inspection by the general public each
15written agreement entered into under this Act, along with any
16information required under subsection (a), no later than 10
17business days after entering into the agreement.
18    (d) After receipt of notice of a breach under Section 15 or
19determination of a breach of covered information maintained by
20the school, a school shall notify, no later than 30 calendar
21days after receipt of the notice or determination that a breach
22has occurred, the parent of any student whose covered
23information is involved in the breach. The notification must
24include, but is not limited to, all of the following:
25        (1) The date, estimated date, or estimated date range
26    of the breach.

 

 

10100HB3606sam003- 15 -LRB101 09053 AXK 60836 a

1        (2) A description of the covered information that was
2    compromised or reasonably believed to have been
3    compromised in the breach.
4        (3) Information that the parent may use to contact the
5    operator and school to inquire about the breach.
6        (4) The toll-free numbers, addresses, and websites for
7    consumer reporting agencies.
8        (5) The toll-free number, address, and website for the
9    Federal Trade Commission.
10        (6) A statement that the parent may obtain information
11    from the Federal Trade Commission and consumer reporting
12    agencies about fraud alerts and security freezes.
13    A notice of breach required under this subsection may be
14delayed if an appropriate law enforcement agency determines
15that the notification will interfere with a criminal
16investigation and provides the school with a written request
17for a delay of notice. A school must comply with the
18notification requirements as soon as the notification will no
19longer interfere with the investigation.
20    (e) Each school must implement and maintain reasonable
21security procedures and practices that otherwise meet or exceed
22industry standards designed to protect covered information
23from unauthorized access, destruction, use, modification, or
24disclosure. Any written agreement under which the disclosure of
25covered information between the school and a third party takes
26place must include a provision requiring the entity to whom the

 

 

10100HB3606sam003- 16 -LRB101 09053 AXK 60836 a

1covered information is disclosed to implement and maintain
2reasonable security procedures and practices that otherwise
3meet or exceed industry standards designed to protect covered
4information from unauthorized access, destruction, use,
5modification, or disclosure. The State Board must make
6available on its website a guidance document for schools
7pertaining to reasonable security procedures and practices
8under this subsection.
9    (f) Each school may designate an appropriate staff person
10as a privacy officer, who may also be an official records
11custodian as designated under the Illinois School Student
12Records Act, to carry out the duties and responsibilities
13assigned to schools and to ensure compliance with the
14requirements of this Section and Section 26.
15    (g) A school shall make a request, pursuant to paragraph
16(2) of Section 15, to an operator to delete covered information
17on behalf of a student's parent if the parent requests from the
18school that the student's covered information held by the
19operator be deleted, so long as the deletion of the covered
20information is not in violation of State or federal records
21laws.
22    (h) This Section does not apply to nonpublic schools.
 
23    (105 ILCS 85/28 new)
24    Sec. 28. State Board duties.
25    (a) The State Board may not sell, rent, lease, or trade

 

 

10100HB3606sam003- 17 -LRB101 09053 AXK 60836 a

1covered information.
2    (b) Except for an employee of the State Board or a State
3Board official acting within his or her official capacity, the
4State Board may not share, transfer, disclose, or provide
5covered information to an entity or individual without a
6contract or written agreement, except for disclosures required
7by State or federal law.
8    (c) At least once annually, the State Board must publish
9and maintain on its website a list of all of the entities or
10individuals, including, but not limited to, operators,
11individual researchers, research organizations, institutions
12of higher education, or government agencies, that the State
13Board contracts with or has written agreements with and that
14hold covered information and a copy of each contract or written
15agreement. The list must include all of the following
16information:
17        (1) The name of the entity or individual. In naming an
18    individual, the list must include the entity that sponsors
19    the individual or with which the individual is affiliated,
20    if any. If the individual is conducting research at an
21    institution of higher education, the list may include the
22    name of that institution and a contact person in the
23    department that is associated with the research in lieu of
24    the name of the researcher. If the entity is an operator,
25    the list must include its business address.
26        (2) The purpose and scope of the contract or agreement.

 

 

10100HB3606sam003- 18 -LRB101 09053 AXK 60836 a

1        (3) The duration of the contract or agreement.
2        (4) The types of covered information that the entity or
3    individual holds under the contract or agreement.
4        (5) The use of the covered information under the
5    contract or agreement.
6        (6) The length of time for which the entity or
7    individual may hold the covered information.
8        (7) A list of any subcontractors to whom covered
9    information may be disclosed under Section 15 or a link to
10    a page on the operator's website that clearly lists that
11    information.
12    If mutually agreed upon by the State Board and the
13operator, provisions of a contract or written agreement, other
14than those pertaining to paragraphs (1) through (7), may be
15redacted on the State Board's website.
16    (d) The State Board shall create, publish, and make
17publicly available an inventory, along with a dictionary or
18index of data elements and their definitions, of covered
19information collected or maintained by the State Board,
20including, but not limited to, both of the following:
21        (1) Covered information that schools are required to
22    report to the State Board by State or federal law.
23        (2) Covered information in the State longitudinal data
24    system or any data warehouse used by the State Board to
25    populate the longitudinal data system.
26    The inventory shall make clear for what purposes the State

 

 

10100HB3606sam003- 19 -LRB101 09053 AXK 60836 a

1Board uses the covered information.
2    (e) The State Board shall develop, publish, and make
3publicly available, for the benefit of schools, model student
4data privacy policies and procedures that comply with relevant
5State and federal law, including, but not limited to, a model
6notice that schools must use to provide notice to parents and
7students about operators. The notice must state, in general
8terms, the types of student data that are collected by the
9schools and shared with operators under this Act and the
10purposes of collecting and using the student data. After
11creation of the notice under this subsection, a school shall,
12at the beginning of each school year, provide the notice to
13parents by the same means generally used to send notices to
14them. This subsection does not apply to nonpublic schools.
 
15    (105 ILCS 85/30)
16    Sec. 30. Applicability. This Act does not do any of the
17following:
18        (1) Limit the authority of a law enforcement agency to
19    obtain any content or information from an operator as
20    authorized by law or under a court order.
21        (2) Limit the ability of an operator to use student
22    data, including covered information, for adaptive learning
23    or customized student learning purposes.
24        (3) Apply to general audience Internet websites,
25    general audience online services, general audience online

 

 

10100HB3606sam003- 20 -LRB101 09053 AXK 60836 a

1    applications, or general audience mobile applications,
2    even if login credentials created for an operator's site,
3    service, or application may be used to access those general
4    audience sites, services, or applications.
5        (4) Limit service providers from providing Internet
6    connectivity to schools or students and their families.
7        (5) Prohibit an operator of an Internet website, online
8    service, online application, or mobile application from
9    marketing educational products directly to parents if the
10    marketing did not result from the use of covered
11    information obtained by the operator through the provision
12    of services covered under this Act.
13        (6) Impose a duty upon a provider of an electronic
14    store, gateway, marketplace, or other means of purchasing
15    or downloading software or applications to review or
16    enforce compliance with this Act on those applications or
17    software.
18        (7) Impose a duty upon a provider of an interactive
19    computer service to review or enforce compliance with this
20    Act by third-party content providers.
21        (8) Prohibit students from downloading, exporting,
22    transferring, saving, or maintaining their own student
23    data or documents.
24        (9) Supersede the federal Family Educational Rights
25    and Privacy Act of 1974, or rules adopted pursuant to that
26    Act or the Illinois School Student Records Act, or any

 

 

10100HB3606sam003- 21 -LRB101 09053 AXK 60836 a

1    rules adopted pursuant to those Acts.
2        (10) Prohibit an operator or school from producing and
3    distributing, free or for consideration, student class
4    photos and yearbooks to the school, students, parents, or
5    individuals authorized by parents and to no others, in
6    accordance with the terms of a written agreement between
7    the operator and the school.
8(Source: P.A. 100-315, eff. 8-24-17.)
 
9    (105 ILCS 85/33 new)
10    Sec. 33. Parent and student rights.
11    (a) A student's covered information shall be collected only
12for K through 12 school purposes and not further processed in a
13manner that is incompatible with those purposes.
14    (b) A student's covered information shall only be adequate,
15relevant, and limited to what is necessary in relation to the K
16through 12 school purposes for which it is processed.
17    (c) Except for a parent of a student enrolled in a
18nonpublic school, the parent of a student enrolled in a school
19has the right to all of the following:
20        (1) Inspect and review the student's covered
21    information, regardless of whether it is maintained by the
22    school, the State Board, or an operator.
23        (2) Request from a school a paper or electronic copy of
24    the student's covered information, including covered
25    information maintained by an operator or the State Board.

 

 

10100HB3606sam003- 22 -LRB101 09053 AXK 60836 a

1    If a parent requests an electronic copy of the student's
2    covered information under this paragraph, the school must
3    provide an electronic copy of that information, unless the
4    school does not maintain the information in an electronic
5    format and reproducing the information in an electronic
6    format would be unduly burdensome to the school. If a
7    parent requests a paper copy of the student's covered
8    information, the school may charge the parent the
9    reasonable cost for copying the information in an amount
10    not to exceed the amount fixed in a schedule adopted by the
11    State Board, except that no parent may be denied a copy of
12    the information due to the parent's inability to bear the
13    cost of the copying. The State Board must adopt rules on
14    the methodology and frequency of requests under this
15    paragraph.
16        (3) Request corrections of factual inaccuracies
17    contained in the student's covered information. After
18    receiving a request for corrections and determining that a
19    factual inaccuracy exists, a school must do either of the
20    following:
21            (A) If the school maintains or possesses the
22        covered information that contains the factual
23        inaccuracy, correct the factual inaccuracy and confirm
24        the correction with the parent within 90 calendar days
25        after receiving the parent's request.
26            (B) If the operator or State Board maintains or

 

 

10100HB3606sam003- 23 -LRB101 09053 AXK 60836 a

1        possesses the covered information that contains the
2        factual inaccuracy, notify the operator or the State
3        Board of the correction. The operator or the State
4        Board must correct the factual inaccuracy and confirm
5        the correction with the school within 90 calendar days
6        after receiving the notice. Within 10 business days
7        after receiving confirmation of the correction from
8        the operator or State Board, the school must confirm
9        the correction with the parent.
10    (d) Nothing in this Section shall be construed to limit the
11rights granted to parents and students under the Illinois
12School Student Records Act or the federal Family Educational
13Rights and Privacy Act of 1974.
 
14    Section 99. Effective date. This Act takes effect July 1,
152021.".