Map all data fields your integration stores or transmits to FERPA-defined categories: education records (protected), directory information (conditionally shareable), and non-education records
Before exposing any student PII to a third party, verify a signed data processing agreement or outsourcing exception is in place with the educational institution as required by FERPA's school official exception
Implement role-based access so that students can access only their own records, while teachers access only records for students in their assigned courses
Log all third-party data disclosures in a per-student disclosure log with recipient, purpose, date, and legal basis, as institutions must provide this log on request
Apply data minimization: request only the specific fields needed for each API call rather than pulling full student profiles, to reduce exposure surface
Known gotchas
Directory information (name, email, enrollment status) can still be protected if a student or parent has filed a directory information opt-out; your integration must honor an opt-out flag from the SIS rather than assuming directory fields are always shareable
FERPA applies to institutions receiving federal funding; a purely private tutoring platform is not directly subject to FERPA, but may still need to comply contractually as a 'school official' acting on behalf of a covered institution
De-identified data is outside FERPA scope, but de-identification requires removing all 18 HIPAA-style direct identifiers plus any other information that could reasonably be used to identify the student; partial anonymization does not qualify
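The checks above (field categorization, agreement verification, the directory opt-out flag, minimization and the per-student disclosure log) can be combined into a single release gate. The following is an added example, not code from the original page: the field map, the `disclose` function, the student dictionary layout and the sample values are all constructed, and treating an opted-out directory field like an education record is an assumption.

```python
from datetime import date

# Assumed mapping of this integration's fields to FERPA categories (constructed).
FIELD_CATEGORY = {
    "name": "directory",
    "email": "directory",
    "enrollment_status": "directory",
    "grades": "education_record",
    "disciplinary_notes": "education_record",
}

def disclose(student, recipient, requested_fields, purpose, agreement_on_file, log, today=None):
    """Release only the permitted subset of requested_fields and log the disclosure.

    student: dict with "id", "directory_opt_out" (flag from the SIS) and "record".
    log: dict mapping student id -> list of disclosure entries.
    """
    released, bases = {}, set()
    for name in requested_fields:  # minimization: only the fields asked for
        category = FIELD_CATEGORY.get(name)
        if category is None or name not in student["record"]:
            continue  # unmapped or absent field: deny by default
        # Assumption: an opted-out directory field is handled like an education record.
        protected = category == "education_record" or student["directory_opt_out"]
        if protected and not agreement_on_file:
            continue  # no signed agreement with the institution: withhold
        released[name] = student["record"][name]
        bases.add("school official exception" if protected else "directory information")
    if released:
        log.setdefault(student["id"], []).append({
            "recipient": recipient,
            "purpose": purpose,
            "date": (today or date.today()).isoformat(),
            "legal_basis": sorted(bases),
            "fields": sorted(released),
        })
    return released

# Constructed sample student with a directory opt-out on file.
SAMPLE = {"id": "s-001", "directory_opt_out": True,
          "record": {"name": "A. Student", "email": "a@example.edu",
                     "grades": {"MATH101": "B+"}}}

if __name__ == "__main__":
    log = {}
    print(disclose(SAMPLE, "vendor-x", ["name", "grades"], "tutoring match", False, log))
    print(disclose(SAMPLE, "vendor-x", ["name", "grades"], "tutoring match", True, log))
    print(log)
```

Nothing is logged when nothing is released, so the per-student log records only actual disclosures.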