Thought Leadership

When You Can’t Un-Send It: Teacher’s Group Chat Mishap Leads to FERPA Violation

It’s rare, but when it happens, it can feel like a bad dream: An educator accidentally sends confidential student information to the wrong recipient. As educators’ use of technology, including social media, to communicate with students continues to increase, that dream threatens to become a nightmare. One mistyped email address or missed click of the mouse can share confidential information not just with one recipient, but with dozens if not hundreds at a time. A recent opinion from the U.S. Department of Education’s Student Privacy Policy Office reminds educators that such mishaps can be more than just embarrassing. Improperly releasing a student’s personally identifiable information can also violate the Federal Educational Rights and Privacy Act, or FERPA. What can schools and educators learn from the decision?

In Letter to Moss, the SPPO found a Missouri school district violated FERPA when a baseball coach accidentally sent a baseball player’s grades to 113 other students via social media. The disclosure likely occurred when the coach, who is also a teacher, was doing routine grade checks of all baseball players and accidentally shared the grades through a communication app used by the school district.

FERPA generally requires parents/guardians to sign off before a student’s educational records or personally identifiable information is shared with other students or third parties. Because the coach did not have the student’s parents’ permission to share the grades through the app, his actions violated FERPA.

Notably, the SPPO did not punish the coach’s school district for the violation. When the district found out about the mishap, it reviewed and revised its policies about appropriate use of group text apps. The district also trained the coach/teacher on FERPA. Along with the district’s assurance to the SPPO that all school officials would comply with FERPA in the future, the District’s voluntary remedial actions were enough for the SPPO to close the complaint without any remedies for the violation.

What should school districts take away from this ruling?

If a communication includes grades or other personally identifiable information, staff should default to using safer communications alternatives such as emails as opposed to an application with a group chat feature. Apps tend to be newer and so we are less familiar with them, which can lead to more accidents.

Also, take steps now to train your staff on risks that come with using social media with students, including those involving FERPA. Our team at Thompson & Horton has engaging, interactive virtual and in-person trainings that address these and other technology issues that you should cover with your team on a regular basis. Help staff understand that if a mistake occurs and something is shared that should not be, they should contact leadership immediately to report it so that remedial actions can be taken.

That said, accidents happen. If you learn of an incident, don’t wait for a complaint to be filed; move forward with remedial measures to address the situation promptly to put your school or district in the best position to defend against a complaint later.

For assistance on complying with FERPA or other student privacy laws or if you have other questions about the potential implications of this ruling, please contact Mia Pipkin, Jackie Gharapour Wernz, or any other Thompson & Horton attorney.