How Summit maintains FERPA-compliance
Summit is very serious about protecting the privacy of teachers, parents, and students. We partner with privacy experts to ensure Summit is always fully compliant with all federal privacy legislation (like FERPA and COPPA) as well as state legislation. This primer shares more details about how Summit’s practices help schools stay compliant with FERPA. Below is a guide we hope you’ll find useful. This is not legal advice, nor are we in a position to provide legal advice.
What is FERPA?
FERPA is ‘The Family Educational Rights and Privacy Act’ that applies to all educational institutions that receive federal funding from the Department of Education. It protects personally identifiable information (PII) in students’ “educational records” from unauthorized disclosure. FERPA also affords parents the right to access their child's education records, the right to seek to have the records amended, and the right to have some control over the disclosure of PII from education records.
Basically, FERPA says that schools cannot share PII contained in “education records” without parent’s written consent. Without that written consent, FERPA only allows a school to share PII from an
“education record” if an ‘exception’ to FERPA is met. The two most common exceptions using by schools that engage third-party service providers such as Summit are the “School Official” and “Directory Information” exceptions.
What is the “School Official” exception to FERPA?
The “School Official” exception allows schools to disclose PII from students’ “education records” to a “School Official” (i.e. Summit) as long as the “School Official”:
Performs an institutional service or function for which the school or district would otherwise use its own employees;
Has been determined to meet the criteria set forth in the school’s or district’s annual notification of FERPA rights for being a school official with a legitimate educational interest in the education records;
Is under the direct control of the school or district with regard to the use and maintenance of education records; and
Uses education records only for authorized purposes and may not re-disclose PII from education records to other parties (unless the provider has specific authorization from the school or district to do so and it is otherwise permitted by FERPA).
What is an education record?
“education records” are those records, files, documents, and other materials which (i) contain information directly related to a student; and (ii) are maintained by an educational agency or institution or by a person acting for such agency or institution. It is important to remember, however, that student information that is shared under the “Directory Information” exception (such as student name and class year), is not subject to FERPA’s use and re-disclosure limitations.
Additionally, education records do not include records which are in the sole possession of the maker and which are not accessible or revealed to any other person except a substitute.
Is anything submitted by teachers on Summit an “educational record”?
Some of the information teachers disclose to Summit may likely be “Directory Information” (such as student name and grade) and not an “education record”. Additionally, some of the information collected through the Platform such as classwork, Project submissions, assessment responses, and academic goals; communications with teachers and mentors; and non-academic information could be deemed to be an “education record”. FERPA isn’t clear about whether the communications with teachers and mentors and non-academic information would legally be considered an educational record. So, it’s really up to each school to decide if it is (we know, not very helpful from FERPA!).
Does Summit help schools stay FERPA-compliant?
Yes, Summit helps schools stay fully FERPA-compliant. Here’s how:
Alternatively, some schools or districts may instead choose not to rely on the “School Oﬃcial” or “Directory Information” exemption, and instead get parental consent for each technology they use. Summit’s Terms of Service and Data Protection Addendum supports this approach, too, for complying with FERPA.
Finally, our policies prohibit us from sharing PII from “education records” with any other third-parties unless they aid in providing the Summit service. For your reference, we provide a list of our service providers on our website.
Summit is always working with top privacy advocates and experts in education to protect teachers, parents, and students, and to ensure all privacy obligations are met, including FERPA.
- Department of Education: https://studentprivacy.ed.gov/topic/family-educational-rights-privacy-act-ferpa
- FERPA/SHERPA: https://ferpasherpa.org/
- Department of Education Model Terms of Service: https://studentprivacy.ed.gov/sites/default/files/resource_document/file/TOS_Guidance_Jan%202015_0%20%281%29.pdf
For additional questions
If you have any questions about this Primer or our practices, please contact firstname.lastname@example.org
You can also reach us by calling (650) 257-9878 or writing to:
Summit Public Schools
780 Broadway Street
Redwood City, CA 94063
Attn: Summit Learning Program