FERPA & AI in K-12: What Districts Need to Know

FERPA Fundamentals for AI

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. It applies to all educational agencies and institutions that receive federal funding — which is virtually every public school district in the United States.

When any technology, including AI tools, accesses, processes, stores, or generates content based on student education records, FERPA applies. There is no AI exception.

What counts as an education record?

An education record is any record that is directly related to a student and maintained by the educational agency. In the context of AI tools, this includes:

• Student names, IDs, grades, and assignment submissions
• Behavioral records, attendance data, and disciplinary information
• IEP and 504 plan information
• Student-generated content within educational platforms (essays, responses, projects)
• Usage patterns and interaction logs that can be tied to individual students
• AI-generated assessments, recommendations, or reports about specific students

The school official exception

FERPA allows districts to share education records with third parties (including AI vendors) without parental consent under the "school official" exception. For this exception to apply, the vendor must:

1. Perform an institutional service or function for which the district would otherwise use employees
2. Be under the direct control of the district with respect to the use and maintenance of education records
3. Use education records only for the purposes for which the disclosure was made
4. Meet the district's criteria for who constitutes a "school official" with a "legitimate educational interest"

This exception is the legal basis for most AI tool deployments in schools. But it requires a proper agreement — and it has limits that matter specifically for AI.

AI-Specific FERPA Risks

Generative AI introduces FERPA risks that did not exist with traditional edtech. Districts need to understand these risks to govern AI effectively.

1. Model training on student data

When students interact with AI tools, their inputs (prompts, essays, questions) may be used by the AI vendor to improve or train their models. Under FERPA, education records disclosed under the school official exception can only be used for the authorized educational purpose. Using student data to train a commercial AI model goes beyond that purpose.

What to do: Your data processing agreement must explicitly prohibit the vendor from using student data for model training, product improvement, or any purpose other than providing the contracted educational service.

2. Unauthorized teacher adoption

When a teacher signs up for a consumer AI tool (like a free ChatGPT account) and has students use it, the district has likely created an unauthorized disclosure of education records. The teacher did not have authority to enter into a data agreement on the district's behalf, and the AI vendor has no obligation to protect student data under FERPA.

What to do: Establish a clear AI tool approval process. Only AI tools that have been vetted and that operate under a district-level data processing agreement should be used with students.

3. Data persistence and retrieval

AI tools may retain conversation histories, student inputs, and generated outputs. Unlike traditional software where you can delete a database record, AI systems may embed student data in model weights, vector stores, or retrieval systems in ways that are difficult to isolate and delete.

What to do: Understand exactly how the vendor stores student data, whether data persists in AI memory or context systems, and what the vendor's data deletion process actually does at the technical level.

4. Inference and profiling

AI tools can infer sensitive information about students that was never directly provided — learning disabilities, emotional states, family circumstances, political or religious views. These inferences, if stored, may themselves become education records.

What to do: Define in your governance framework what types of AI-generated inferences are permissible and ensure that sensitive inferences are not stored, disclosed, or used for automated decision-making about students.

Data Processing Agreements for AI Tools

A data processing agreement (DPA) is the legal document that governs how a vendor handles student data. For AI tools, standard DPA templates may not cover the unique risks. Here is what to include:

Essential DPA provisions for AI

• Purpose limitation. Student data may only be used to provide the contracted educational service. Explicitly prohibit use for model training, product development, benchmarking, or any other commercial purpose.
• Data processing specifics. Define exactly what data the AI tool will access, how it will process that data, and where the data will be stored. Include AI-specific elements like context windows, conversation histories, and embeddings.
• Sub-processor disclosure. AI tools often rely on multiple sub-processors (cloud providers, model providers, inference services). The DPA should list all sub-processors and require notification before any changes.
• Data retention and deletion. Specify how long student data is retained, when it is automatically deleted, and what "deletion" means technically (especially for data that may be embedded in AI systems).
• Security standards. Require specific security measures including encryption at rest and in transit, access controls, incident response procedures, and regular security assessments.
• Audit rights. The district should have the right to audit the vendor's data handling practices and request evidence of compliance.
• Breach notification. Define timelines and procedures for notifying the district of any data breach or unauthorized access.
• De-identification standards. If the vendor uses de-identified data for any purpose, define what de-identification means and require that it meet the FERPA de-identification standard (removing all personally identifiable information and applying reasonable measures to prevent re-identification).

COPPA Considerations for AI in K-12

The Children's Online Privacy Protection Act (COPPA) adds another layer of requirements when AI tools are used with students under 13.

School consent under COPPA

The FTC allows schools to consent on behalf of parents for the collection of children's personal information, but only when:

• The information is used solely for an educational purpose
• The school has authorized the collection for that purpose
• The operator (AI vendor) does not use the information for any commercial purpose

If an AI tool collects personal information from students under 13 and uses it for advertising, profiling, or any non-educational purpose, separate verifiable parental consent is required — the school cannot consent to commercial use on parents' behalf.

AI-specific COPPA issues

• Voice data. AI tools that process student voice (speech-to-text, voice assistants) are collecting personal information under COPPA.
• Behavioral profiling. AI tools that build behavioral profiles of students under 13 may be collecting personal information beyond what is necessary for the educational service.
• Persistent identifiers. Cookies, device IDs, and other persistent identifiers used by AI tools to track students across sessions are personal information under COPPA.

Evaluating AI Vendors for Compliance

When your district evaluates an AI tool, these are the questions to ask — and the answers to look for:

Questions for AI vendors

1. Where is student data stored and processed? Look for: specific data center locations, confirmation that data stays within the US (if required by state law), and details about cloud infrastructure.
2. Is student data used to train your AI models? Look for: explicit "no" with contractual commitment, not just a policy statement.
3. What happens to student data when a conversation or session ends? Look for: clear retention timelines and automatic deletion processes.
4. Who are your sub-processors? Look for: a complete list including model providers, cloud services, and any third-party services that touch student data.
5. Can you provide a completed Student Data Privacy Consortium (SDPC) agreement? Look for: willingness to sign standardized state DPA templates.
6. What security certifications do you hold? Look for: SOC 2 Type II at minimum, with specific attention to how AI-specific risks are addressed.
7. How do you handle data subject access and deletion requests? Look for: documented processes with specific timelines.
8. Can the district control what data the AI tool can access? Look for: granular data access controls, not all-or-nothing access.

FERPA Compliance Checklist for AI Tools

Use this checklist when evaluating or deploying any AI tool in your district:

• Signed data processing agreement (DPA) with the AI vendor that covers AI-specific provisions
• Vendor designated as a school official with legitimate educational interest in district policy
• Annual FERPA notification to parents updated to include AI tool vendors
• Explicit prohibition on using student data for model training in the DPA
• Sub-processor list reviewed and all sub-processors meet district data standards
• Data retention and deletion policies documented and verified
• Teacher training completed on approved AI tools and the district approval process
• Process in place for teachers to request new AI tools (not self-service sign-up)
• Monitoring system to detect unauthorized AI tool use
• Incident response plan updated to include AI-specific data breach scenarios
• Accessibility review completed for AI tools (Section 504 / IDEA compliance)
• COPPA-specific provisions in place for tools used with students under 13
• Governance review scheduled quarterly to re-evaluate tools and policies