Best Practices for the Release of Data Under FERPA During School Emergencies

"A delicate balance exists between privacy and security in schools," a recent federal report on school safety noted. "On the one hand, there is the legal requirement to protect the privacy of student education records. On the other hand, it is critical to recognize that some education records may contain information that, if disclosed to appropriate officials, could help prevent students from harming themselves or others."

Finding the appropriate balance between disclosing information during a school emergency and adhering to the regulations of the Family Educational Rights and Privacy Act (FERPA) is the subject of a new two-page guide released by the Future of Privacy Forum (FPF). FPF is a nonprofit that advocates for privacy leadership and research in support of emerging technologies. According to the organization, the guidance is intended to help school personnel understand when and what to disclose. The goal is to be able to "distinguish between disclosures in response to specific, articulable threats and general school surveillance programs."

The guidance came out in response to the "Final Report of the Federal Commission on School Safety," which, FPF asserted, failed to address how to implement security measures while also including appropriate privacy protections. "For example," FPF noted, "the report recommends the use of 'appropriate systems to monitor social media and mechanisms for reporting cyberbullying incidents' but does not mention the privacy implications of such monitoring or appropriate privacy protections."

During the deliberative process, FPF testified about privacy issues and recommended better communication to stakeholders about current privacy laws [and] the importance of "creating 'privacy guardrails' in the context of school safety plans" and encouraged the Commission to develop specific guidance for schools on how to set up those guardrails.

"Unfortunately, the report offers little practical guidance to school officials on how to consider privacy safeguards as they implement programs to monitor threats, harden schools or train personnel," FPF said in a statement. "Privacy doesn't seem to have been a top concern for the Commission, even though its members heard testimony about ways to have both security and privacy."

As an example, FPF stated, the Commission's report advised the use of "appropriate systems to monitor social media and mechanisms for reporting cyberbullying incidents." It failed, however, to cover the privacy implications of those forms of monitoring or the appropriate privacy protections.

The FPF guidance offered four best practices for deciding whether to disclose student information and answered five "frequently asked questions" about FERPA requirements on sharing information during emergencies.

Among the best practices was this one: to "carefully consider potential unintended consequences, such as disproportionate effects on vulnerable populations, and balance those risks with the benefits of monitoring and disclosing student information." While complying with FERPA, the guidance pointed out, "schools must also avoid sharing information that could stigmatize students, make them feel that they can't share their feelings with school staff or incorrectly label them as a 'threat.'"

The federal report is openly available on the U.S. Department of Education's website.

The FPF guidance, "Disclosing Student Information During School Emergencies: A Primer for Schools," is available on its website.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • young man in a denim jacket scans his phone at a card reader outside a modern glass building

    Colleges Roll Out Mobile Credential Technology

    Allegion US has announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campuswide. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.

  • lightbulb

    Call for Speakers Now Open for Tech Tactics in Education: Overcoming Roadblocks to Innovation

    The annual virtual conference from the producers of Campus Technology and THE Journal will return on September 25, 2025, with a focus on emerging trends in cybersecurity, data privacy, AI implementation, IT leadership, building resilience, and more.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.

  • DeepSeek on AWS

    AWS Offers DeepSeek-R1 as Fully Managed Serverless Model, Recommends Guardrails

    Amazon Web Services (AWS) has announced the availability of DeepSeek-R1 as a fully managed serverless AI model, enabling developers to build and deploy it without having to manage the underlying infrastructure.