Are Emails, Texts, Tweets, And Other Digital Communications Student Records Under FERPA And State Law?

by Franczek Radelet P.C.
Contact schools increase the use of technology to communicate with and about students, questions arise about the intersection between the data created and student records laws, such as the Federal Educational Rights and Privacy Act (FERPA). States also have similar laws that may provide greater protections than their federal counterpart. Are emails, texts, Tweets, and other digital communications between teachers, administrators, parents, and students “educational records” under FERPA and related state laws?

Let’s address the following questions: (1) Why does it matter? (2) Are digital communications student records? and (3) How do I respond to a broad student records record request for digital communications?

Why does it matter?

Whether emails and other digital communications are student records is important for two reasons. First, your state law may require your school to maintain student records for a certain time period. InIllinois, for example, the Illinois School Student Record Act suggests that temporary student records be maintained for five years after a student withdraws or graduates from school. Second, parents and students have the right to review and, in some cases, receive copies of student records.

What does this mean in the digital world? If digital communications are student records, schools may not be able to delete them as they do other records. And if a student requests digital communications, schools may be required to search through potentially tens of thousands of emails to respond to the request.

Are digital communications student records?

The short answer is that in most jurisdictions, courts have not answered this question. There is an argument that digital communications are not student records, even if a student can be identified therein, unless they have been printed out and maintained in a physical file for the student. But only one trial court appears to have addressed this issue head on and it is not clear whether appellate courts or even trial courts in other jurisdictions will agree. Accordingly, the safest approach is to continue to treat digital communications as student records until there is more clarity in the law.

In a 2002 case, the United States Supreme Court suggested that Congress envisioned FERPA applying only to files kept in a central file by a records custodian designated by the school, not to every record that might be generated across the school district by which a student can be identified. In Owasso Independent School Dist. No. I-011 v. Falvo, the Supreme Court found that students’ assignments are not educational records under FERPA. 534U.S. 426. In so doing, the Court clarified that not every record in a school concerning a student is an education record. The Court looked to a provision in FERPA, 20 U.S.C. § 1232g(b)(4)(A), which requires that a record of access be kept when a request for student records is made. That record must be kept “with the education records” of the student. The Court found that this suggested that Congress intended that education records would be kept in one place. Moreover, FERPA requires that a “school official” and “his assistants” are responsible for the custody of the records. The Court indicated that this implies that “education records are institutional records kept by a single central custodian, such as a registrar, not individual assignments handled by many student graders in their separate classrooms.”  534U.S. at 434–435.

Although Oswasso did not deal with digital communications like emails, the broad language in the case suggests that digital communications, which are maintained not with the student’s educational file but rather in the inboxes and outboxes of numerous school professionals, are not “maintained by” the school and so are not education records under FERPA. The same reasoning could be applied under state statutes, like the ones in Illinois and California, that use similar language to FERPA.

Indeed, the one court that has addressed the issue directly held, based on Owasso, that emails are not education records as defined by FERPA. A California special education student sued after his school refused to release emails in response to a request for records under the Individuals with Disabilities Education Act (IDEA). The IDEA requires schools to release records to students that fall within the definition of “education records” found in FERPA. The California court found that emails are not “education records” under FERPA because they are not “maintained” by a school unless they have been printed out and placed in a student’s actual file. S.A. v. Tulare County Office of Education, 2009 Westlaw 3126322 (E.D.Cal). Relying on Owasso, theCalifornia court explained:

Emails, like assignments passed through the hands of students, have a fleeting nature. An email may be sent, received, read, and deleted within moments. As such, Student’s assertion – that all emails that identify Student, whether in individual inboxes or the retrievable electronic database, are maintained ‘in the same way the registrar maintains a student’s folder in a permanent file’ – is ‘fanciful.’ Like individual assignments that are handled by many student graders, emails may appear in the inboxes of many individuals at the educational institution. FERPA does not contemplate that education records are maintained in numerous places. As the [Supreme Court in Owasso] set forth . . . ‘Congress contemplated that education records would be kept in one place with a single record of access.’”

The court found that “[only those] emails that are printed and placed in Student’s file are ‘maintained’” under case law interpreting the meaning of FERPA and the IDEA.”

So, there is good reason to believe that emails, texts, Tweets, and other digital communications between teachers, administrators, parents, and students about students are not student records unless they are maintained in the student’s file. Nonetheless, because of the dearth of case law on this issue, the question is far from settled. Moreover, parents have shown a willingness to file lawsuits seeking records. School districts that do not wish to face a legal challenge may take the more conservative approach and treat emails and other digital communications as student records.

How do I respond to a broad records request for digital communications?

If a school district does not wish to fight a legal battle over a student records request for digital communications about a student, there are nonetheless ways to limit the impact of an overbroad request. These include:

  • Directing school employees and agents to avoid the use of school email to communicate about students to the greatest extent possible. Indeed, the Department of Education has made clear that email is not secure enough to use for sending certain types of student information, such as grades, to students.
  • Directing school employees and agents not to use their personal phones, email accounts, Twitter, and other social media accounts and other personal technology to communicate with other staff, students, parents or teachers about students. If they do so, it can create an administrative headache if a student records request is made for records created through those mediums. Just obtaining access to the records can be a challenge, especially in light of laws in some states prohibiting public employees from demanding access to or information from employees’ social media websites (a recent article I wrote on the Illinois law can be found here). As our friends over at @MunicipalMinute recently reported, a similar federal law is currently pending in Congress. If school employees do choose to use personal technology to communicate with students, they should sign an acknowledgement recognizing limitations in Board policies on their reasonable expectation of privacy to those records and of the fact that they may be required to turn the records or even their personal technological devices over to the school to the extent allowed by law.
  • If a parent makes a blanket request for digital communications the school can ask the parent to limit the scope of the request before it responds. The Department of Education has made clear that it is the parent’s responsibility to “clearly specify” what records they are seeking, and all that the school is required to do is conduct a “reasonable search.” If the parent believes a school’s response has not provided certain records, it is the parent’s responsibility to specify the records he or she thinks exist and have not been produced. Let’s say a parent asks for all emails about their student, a seventh grader in a K-8 school district. The school could ask the parent what type of digital communications they are seeking and on what topic, and use that information to greatly narrow the search.

A big thanks to Bobby Truhe (@btruhe) for the suggestion of this interesting topic. If any other readers have suggestions for topics for the blog, please send me a Tweet at @EdLawInsights or email me at

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Franczek Radelet P.C. | Attorney Advertising

Written by:

Franczek Radelet P.C.

Franczek Radelet P.C. on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.