Skip to content
Aurora Institute

Updating FERPA to Protect Student Data Privacy and Security at the Federal Level

Education Domain Blog

Author(s): Susan Gentz

Issue(s): Federal Policy, Increase Access to Broadband

Student data privacy is, and many predict it will continue to be, a hot topic on Capitol Hill in 2016. In 2015, Congress introduced eight new stand alone bills and an amendment to the reauthorization of the Elementary and Secondary Education Act (now known as the Every Student Succeeds Act or ESSA). Ultimately, student data privacy was not explicitly addressed in ESSA, but there are still implications for student data from the bill.

There is a consistent voice in the education community that the Family and Educational Rights and Privacy Act (FERPA) is long overdue to be updated. It was enacted in 1974 and was written in a time where we kept records in locked filing cabinets, and the use of technology in schools is a call to action for updating the law in order to ensure students are protected.

Screen Shot 2016-01-13 at 6.21.08 PMWithin proper safeguards, data collection is key to personalized learning, allowing educators to customize learning pathways for each student. Data can give parents and teachers the ability to understand students’ strengths and needs to help improve student achievement. Data helps teachers and parents understand where students are thriving and where they are getting stuck on specific learning concepts. Data, such as information on teacher credentials, graduation rates, student test scores and college enrollment empowers parents and teachers to help students achieve success.

It is time to update these laws to protect student privacy without stifling innovation through prohibitive policies that will limit the potential of student data to empower educators, students and families with valuable insights into personalizing instruction and better serving the individual learning needs of each student.

The United States Department of Education (ED) is also taking steps to help districts and schools ensure that the critical data being collected (and used to personalize learning) is done in a way so that student data is safe, secure and protected. In 2011, ED hired their first Chief Privacy Officer, whose duties include leading the Privacy Technical Assistance Center (PTAC) and providing best practices for data privacy. The goal of PTAC is to serve as a one-stop resource for the Pre-K through higher education community on privacy, confidentiality, and data security. In August 2015, PTAC released a Checklist for Developing School District Privacy Programs and worked to curate a collection of resources to help schools ensure the protection of student data.


  • Ensure districts have policies in place to protect and safeguard data.
  • Update FERPA to ensure educators are able to use data to provide personalized instruction, educational institutions protect data privacy and security, and stakeholders know how data are collected and used.
  • Ensure student data privacy policies encourage good data governance by educators, institutions, and providers, and do not inhibit personalized learning approaches.

To learn more: