FERPA 101

It is interesting to think that a law enacted in 1974—pre-smartphone, mobile app, and modern computer—still governs the vast technological landscape and data collection practices of modern education. In the age of online learning and student one-to-one devices, the Family Educational Rights and Privacy Act of 1974 (FERPA) remains the primary federal law protecting student privacy. FERPA analysis has grown increasingly complex over the years as rules and guidance were added to account for emerging technologies–as  highlighted during the COVID-19 pandemic when the education community struggled to apply FERPA in light of schools’ increasing reliance on educational technology. It can be a struggle to fit schools’ modern technology adoption and use within FERPA’s outdated framework, making it difficult to know which data and practices are subject to the law, let alone what the legal obligations are for educational agencies and institutions.


These FAQs serve as a primer for the Fixing FERPA series, providing key background information, historical context, and an overview of various provisions in the law.

FERPA is a federal privacy law that protects the privacy of students’ personally identifiable information (PII) in education records. FERPA primarily does two things: ensures appropriate access and limits unauthorized disclosure. Access is embodied through FERPA’s guarantee that parents and eligible students–students 18+ or attending higher education institutions–have the right to access their education records and to challenge the information in them as inaccurate or no longer relevant. FERPA prohibits all other disclosures of PII in education records unless there is consent or an applicable exception to FERPA’s consent requirement and certain safeguards are in place.

Other Fixing FERPA Publications