How SOPIPA Affects Vendors

One question that we have been asked since SOPIPA's introduction is whether or not SOPIPA will adversely affect vendors who are working on building and delivering educational technology products. The answer is no. In our outreach to vendors while this law was being crafted and since the law has passed, the feedback we have consistently received is that SOPIPA reflects the good practices that many reputable edtech vendors have been doing for years, while highlighting ways that student data could potentially be used outside an educational context. We have also received feedback that SOPIPA has highlighted the need for sound data security, including encryption, and that many companies have reviewed and improved their security practices as a result.

Q: Do I have to comply with SOPIPA?
A: If you operate a website, an online service, or a mobile app designed, marketed, and used primarily for K–12 school purposes, and you operate in California K–12 schools, you must comply with SOPIPA.

Q: Will SOPIPA make it difficult for me to create educational products?
A: No.

To be SOPIPA compliant you as a vendor should meet the following requirements:

1. not use any data collected via your service to target ads;
2. not create advertising profiles on students;
3. not sell student information;
4. not disclose information, unless required by law or as part of the maintenance and development of your service;
5. use sound information-security practices, which often include encrypting data;
6. will delete data that you have collected from students in a school when the school or district requests it;
7. share information only with educational researchers or with educational agencies performing a function for the school;
8. innovate safely without compromising student privacy by only using de-identified and aggregated data as you develop and improve your service.