FERPA Basics
This federal law protects student education records.
What is FERPA?
This is the safest way to use AI for teaching—provide examples, explanations, and general help without using student-specific data.
What is general pedagogical support?
This type of student work must never be uploaded into AI tools without institutional approval.
What are student assignments or submissions?
Tools integrated with Canvas, Banner, or Starfish must always go through this evaluation process.
What is tech/security/LTI integration review?
True or False: FERPA only applies to physical files.
What is false?
FERPA applies to both physical records and these digital ones.
What are electronic or digital student records?
AI tools may not use student PII for this purpose, unless explicitly prevented via contract.
What is AI model training?
Screenshots of this learning management system cannot be uploaded if student info is visible.
What is Canvas?
This agreement transforms a vendor into a “school official” with legitimate educational interest.
What is a Data Processing Agreement (DPA)?
True or False: AI is always safe as long as students aren’t named.
What is false? (Context can identify a student.)
Student names, student IDs, and emails are examples of this type of protected data.
What is personally identifiable information (PII)?
These AI tools are considered “third-party vendors” under FERPA.
What are external AI systems (e.g., ChatGPT, Gemini, Claude)?
Grades, comments, and feedback are examples of these FERPA-protected items.
What are education records?
DPAs must prohibit vendors from doing this with student data.
What is training AI models or using data for other customers?
True or False: Students can be forced to use an external AI tool without alternatives.
What is false?
This is required before any third-party vendor can access FERPA-protected data.
What is a Data Processing Agreement (DPA) / contract?
This must always be offered to students if you require the use of an external AI tool for coursework.
What is an alternative assignment?
You may upload this kind of assignment as long as all student identifiers are removed.
What is anonymized or de-identified student work?
Even if a tool is free, this distinction still matters: personal account vs. ______ account.
What is a district/college account?
True or False: FERPA protects data even when faculty use personal Google/OpenAI accounts.
What is false? (FERPA does not cover personal accounts.)
Under FERPA, these individuals—not AI companies—hold responsibility for protecting student data.
Who are the educational institutions (colleges)?
Faculty should never upload student assignments to external AI unless this condition is met.
What is having a DPA/contract (and explicit institutional approval)?
This is the rule that says you must remove all personal data before using AI.
What is the “No Identifiers In, No Identifiers Out” rule?
Faculty cannot bypass this institutional process, even if a tool is “educational” or “popular.”
What is the security/privacy review (and DPA requirement)?
True or False: Colleges—not instructors—are ultimately responsible for FERPA compliance.
What is true?