What FERPA Actually Means for Your Classroom Technology Choices
Most teachers have heard of FERPA but aren’t sure what it requires in practice. Here’s a plain-language breakdown — and what to look for before you add any new tool to your classroom.
FERPA comes up a lot in EdTech conversations — usually in one of two ways. Either a vendor drops it into their marketing copy to sound legitimate, or an administrator flags it as a reason not to use a new tool. In most classrooms, teachers hear the word and nod along without being entirely sure what it actually requires of them.
This isn’t a legal guide — I’m a teacher, not a lawyer. But after building a student data platform and going through the process of making it FERPA compliant, I understand the practical implications better than most. Here’s what actually matters for everyday classroom technology decisions.
What FERPA Is — and Isn’t
FERPA — the Family Educational Rights and Privacy Act — is a federal law that protects the privacy of student education records. It applies to schools that receive federal funding, which includes virtually every public school in the United States.
FERPA gives parents (and students over 18) the right to access, review, and request corrections to education records. It also restricts schools from disclosing personally identifiable student information without consent.
What FERPA is not: a blanket prohibition on using technology in the classroom. Schools use third-party tools all the time under FERPA — the key is doing it correctly. That means understanding what counts as an education record, who can access it, and what your vendor is doing with the data.
What Counts as an Education Record
This is where teachers often get surprised. An education record isn’t just a transcript or a report card. Under FERPA, an education record is any record that is directly related to a student and maintained by the school or a party acting on the school’s behalf.
In a classroom technology context, that can include:
- !Student names and email addresses stored in a third-party platform
- !Assignment submissions and grades in an LMS
- !Project progress data tracked in a classroom tool
- !Any records that could identify a specific student
If you’re entering student names and emails into a tool — any tool — and that tool stores that information, you’re dealing with education records under FERPA.
The School Official Exception
The good news is FERPA has a practical exception that covers most classroom technology use cases. Schools can share student information with third-party vendors under what’s called the “school official exception” — as long as certain conditions are met.
The vendor must:
- ✓Have a legitimate educational interest in the data
- ✓Use the data only for the purposes the school specifies
- ✓Not redisclose the data to other parties
- ✓Be under the school’s direct control regarding data use
In practice, this is handled through a Data Processing Agreement (DPA) — a contract between the school and the vendor that spells out exactly how student data will be used, stored, and deleted.
Questions to Ask Before Adding Any Tool
Before you sign up for any classroom technology platform that will hold student data, here are the questions worth asking — either of the vendor directly or by reviewing their privacy policy.
- ✓Do they sell student data? Any vendor that monetizes student data through advertising or data sales is not FERPA compatible. This should be a hard no.
- ✓Can you request a DPA? A vendor that won’t provide a Data Processing Agreement is not a vendor you should use for student data.
- ✓What happens to data when you leave? You should be able to export your data and request full deletion at any time.
- ✓Where is the data stored? Data stored in the US under US jurisdiction is easier to manage from a compliance standpoint.
- ✓Do they have a published Privacy Policy? If a vendor doesn’t have a clearly written, publicly accessible privacy policy, that’s a red flag.
What About COPPA and SOPIPA?
If you teach students under 13, COPPA (Children’s Online Privacy Protection Act) adds another layer. Under COPPA, websites and online services can’t collect personal information from children under 13 without parental consent. Schools can provide that consent on behalf of parents for tools used for educational purposes — but only if the tool is used solely for education and not for commercial purposes.
California teachers also need to be aware of SOPIPA — the Student Online Personal Information Protection Act. SOPIPA goes further than FERPA in some ways, specifically prohibiting vendors from using student data to build profiles for advertising, selling data to third parties, or using it for any purpose unrelated to the educational service.
What Good Compliance Looks Like in Practice
A FERPA-compliant EdTech vendor should be able to tell you clearly and specifically: what data they collect, why they collect it, who can access it, how long they keep it, and how you can delete it. That information should be in their privacy policy, not buried in fine print or vague marketing language.
When I built Learning Wake, these were the requirements I designed around from the start — not because compliance is exciting, but because teachers deserve tools that don’t put them or their students at risk. The platform collects only what’s needed to provide the service, never sells or uses student data for advertising, and gives schools the ability to request full data deletion at any time.
That’s what compliance looks like in practice. Not a checkbox — a set of actual commitments backed up by real policy and real technical controls.
FERPA Compliant. Teacher Built. Ready for Your District.
Learning Wake is FERPA, COPPA, and California SOPIPA compliant. DPAs available on request.
Request a Demo
Leave a Reply