Is Claude FERPA Compliant? Complete Guide for 2026

In late 2024, a 19-year-old college student named Matthew Lane accessed PowerSchool's systems and exfiltrated years of student and staff records, including Social Security numbers, birthdates, and contact information, from school districts across the country. PowerSchool serves over 18,000 school organizations across 90 countries, supporting activities of more than 60 million students. The breach became one of the most significant cybersecurity incidents in K-12 history.

Lane wasn't a sophisticated nation-state actor. He was a student at Assumption University in Worcester, Massachusetts, who found a way into systems that schools trusted with their most sensitive data. He later pleaded guilty to federal charges.

The PowerSchool breach illustrates a painful reality: education is now the most attacked sector in cybersecurity. In 2025, schools faced an average of 4,388 weekly cyberattacks per institution. Since 2005, US schools have experienced 3,713 data breaches affecting more than 37.6 million records. Children's identities can be exploited quietly for years before detection because kids don't check their credit reports.

Against this backdrop, schools are adopting AI tools to help with everything from grading to personalized learning to administrative workflows. The question they should be asking: Is Claude FERPA compliant?

The short answer is no, not by default. Consumer Claude should never touch student records. Enterprise and education tiers can support compliant workflows with proper implementation. This guide covers what you need to know.

The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.

What FERPA Actually Requires

The Family Educational Rights and Privacy Act protects the privacy of student education records. Unlike HIPAA, there's no official "FERPA certification" that AI vendors can obtain. Compliance depends on how you implement and use the technology.

Here's what FERPA mandates:

Protection of education records. Schools must protect personally identifiable information (PII) contained in education records. This includes direct identifiers (names, Social Security numbers, student IDs) and indirect identifiers that could allow someone to identify a student with reasonable certainty.

Parent and student rights. Parents (and eligible students over 18) have the right to inspect education records, request corrections, and control disclosure to third parties.

Restrictions on disclosure. Schools generally cannot disclose PII from education records without consent, with specific exceptions. Third-party vendors can access student data under the "school official" exception only if they perform services the school would otherwise perform, are under direct control of the school regarding data use, and only use the data for authorized purposes.

Directory information rules. Schools can designate certain information as "directory information" (name, grade level, enrollment status) that can be disclosed without consent, but must provide notice and opt-out opportunities.

The penalties for FERPA violations differ from other privacy laws. There are no direct fines. Instead, the Department of Education can terminate federal funding to institutions that violate FERPA. For schools that depend on federal funding (which is most of them), this threat carries significant weight.

The Student Data Problem

Student records contain information that creates lasting harm when exposed:

Academic records include grades, transcripts, disciplinary actions, special education classifications, and behavioral assessments. This information follows students through their educational careers and can affect college admissions, scholarships, and employment.

Personal identifiers like Social Security numbers and birthdates are gold for identity thieves. Children's identities are particularly valuable because fraud can go undetected for years until the child applies for their first credit card or student loan.

Special education records contain detailed information about disabilities, behavioral interventions, and psychological assessments. These records carry additional protections under IDEA and create concentrated privacy risks.

Health information appears in student records when it affects educational performance. Allergies, medications, mental health conditions, and chronic illnesses create HIPAA-like sensitivity within FERPA's framework.

Family information including parent names, addresses, custody arrangements, and financial data (for free lunch programs) reveals details about family circumstances that students and parents expect to remain private.

When an educator pastes student information into an AI tool to generate report card comments or analyze academic performance, they're potentially transmitting all of these data types to a third party that may not meet FERPA's requirements.

How Claude Handles Education Data

Anthropic offers different products with different data handling characteristics. The distinctions matter for FERPA compliance.

Consumer Claude (Free, Pro, Max) presents significant concerns for educational use. Anthropic's privacy policy allows it to use conversation data from consumer plans for model training, though users can opt out. Even with the opt-out, data is still transmitted to Anthropic's servers, and retention periods apply.

Here's the critical point many educators miss: a "Pro" subscription is still consumer-grade in terms of data handling. The product name suggests professional use, but it doesn't provide the contractual protections educational institutions need.

Claude for Education is Anthropic's dedicated offering for schools. This tier operates under different terms, with Anthropic stating they only use data to train their models when given explicit permission and maintain security standards designed to meet compliance needs.

Claude API and Enterprise tiers provide more control. The API offers zero-data-retention configurations, and enterprise agreements can include specific data handling provisions. Deleted conversations are not used for training under any circumstance, and Anthropic states that collected data will never be sold to third parties.

Claude through Amazon Bedrock and Google Vertex AI maintains the existing privacy protections of those cloud platforms. For institutions already using AWS or Google Cloud with appropriate education agreements, this can be a cleaner compliance path.

The fundamental question for FERPA compliance is whether Anthropic qualifies under the "school official" exception to FERPA's disclosure restrictions. This requires direct school control over how Anthropic uses the data. Consumer products don't provide that control.

Where Claude Falls Short for Education

Even with appropriate tiers, gaps remain between Claude's capabilities and FERPA requirements:

The de-identification challenge. FERPA has a high standard for de-identification. Information is only considered de-identified if a reasonable person in the school community could not identify the student. AI systems are exceptionally good at re-identification. Combining seemingly innocuous details (grade level, extracurricular activities, academic performance patterns) can narrow the field to specific students.

The "school official" complexity. For a vendor to qualify as a school official under FERPA, the school must maintain direct control over data use. This requires contractual agreements that specify permitted uses, prohibit re-disclosure, and give the school meaningful oversight. Consumer AI products don't provide this framework.

The audit trail problem. FERPA requires schools to document disclosures of education records. When student data flows through AI systems, those interactions need to be logged. Claude's standard offerings may not provide the granular audit trails that compliance officers need.

The training data concern. The 2025 Anthropic policy update raised questions. For consumer plans, Anthropic adjusted policies around data usage. While Claude for Education and enterprise tiers maintain strict no-training commitments, confusion between tiers can create accidental exposure.

The state law overlay. Beyond FERPA, 121+ state laws protect student privacy with varying requirements. About 20 states reference FERPA as the baseline for AI data handling, and about 12 states explicitly stress avoiding PII input into AI systems. Compliance requires navigating this patchwork.

Making Claude FERPA Compliant

There are two viable approaches for using Claude in educational settings:

Approach 1: Enterprise Tier with Contractual Controls

For institutions committed to AI integration, this path requires:

Step 1: Choose the right tier. Consumer Claude is off the table. Claude for Education, API access, or enterprise agreements provide the necessary foundation.

Step 2: Establish the contractual framework. Work with Anthropic (or your cloud provider if using Bedrock/Vertex) to ensure data processing agreements meet FERPA's "school official" requirements. The agreement must specify that Anthropic only uses data for purposes you authorize and gives you control over data handling.

Step 3: Configure data residency. Understand where data is processed and stored. Some state privacy laws have specific data residency requirements that affect AI vendor selection.

Step 4: Implement access controls. Not every educator needs access to AI tools for tasks involving student data. Limit access to those with legitimate educational interest and train them on appropriate use.

Step 5: Build audit infrastructure. Layer your own logging on top of whatever Claude provides. Record which users submitted which types of queries and when, and document the review process for AI outputs.

Step 6: Update policies. District technology policies need to address AI tools explicitly. Include approved tools, prohibited uses, data handling requirements, and consequences for violations.

Approach 2: Redaction-First Workflow

The more practical approach for most schools removes student identifiers before AI processing:

Step 1: Identify student PII. Before any data touches Claude, scan for direct identifiers (names, student IDs, SSNs, birthdates) and indirect identifiers that could enable re-identification.

Step 2: Replace with consistent placeholders. Convert student names to "[STUDENT-1]", grade levels to "[GRADE-X]", and specific identifying details to generic placeholders. Maintain consistency so the AI can track references across a document.

Step 3: Process sanitized content. Send redacted information to Claude. The AI can still assist with writing report cards, analyzing academic trends, or generating curriculum materials using placeholders instead of real identifiers.

Step 4: Reconstitute securely. If you need output with real student data, map placeholders back to actual identifiers within your Student Information System. The mapping stays within your FERPA-compliant environment.

Step 5: Never export the mapping. The placeholder-to-student mapping must remain within controlled school systems. Claude never sees actual student identifiers.

This approach means Claude never processes FERPA-protected information. What flows to Anthropic isn't student education records because identifying information has been removed. You get AI productivity benefits without creating compliance exposure.
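
An added example, not part of the original article and not PaperVeil's code, sketching Steps 1 through 5 in Python: identifiers are swapped for consistent placeholders, the mapping stays in local memory, and restoring fails closed on any placeholder the mapping never issued. The roster aliases, the "S" plus seven digits student ID format and the sample note are assumptions constructed for illustration.

```python
import re

# Assumed identifier shapes; the "S" + 7 digits student ID format is hypothetical.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "DOB": re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"),
    "ID": re.compile(r"\bS\d{7}\b"),
}
PLACEHOLDER = re.compile(r"\[(?:STUDENT|SSN|DOB|ID)-\d+\]")

# Constructed sample data: one alias list per student, canonical name first.
ROSTER = [["Maria Lopez", "Maria"], ["Dev Patel", "Dev"]]
NOTE = ("Maria Lopez (S1234567, born 4/12/2014) improved in reading. "
        "Maria and Dev worked well together. SSN on file: 123-45-6789.")

class Redactor:
    """Keeps the placeholder mapping in memory on the school side only."""
    def __init__(self, roster):
        if not roster:
            raise ValueError("roster must list at least one student")
        self.forward, self.reverse = {}, {}
        for n, aliases in enumerate(roster, 1):
            self.reverse[f"[STUDENT-{n}]"] = aliases[0]
            for alias in aliases:  # every alias shares the student's token
                self.forward["STUDENT", alias.lower()] = f"[STUDENT-{n}]"
        # Longest alias first so "Maria Lopez" is matched before "Maria".
        names = sorted((k[1] for k in self.forward), key=len, reverse=True)
        self.name_re = re.compile(
            r"\b(?:" + "|".join(map(re.escape, names)) + r")\b", re.IGNORECASE)

    def _token(self, kind, value):
        key = (kind, value.lower())
        if key not in self.forward:  # first sighting of this SSN/DOB/ID
            n = sum(1 for k in self.forward if k[0] == kind) + 1
            self.forward[key] = f"[{kind}-{n}]"
            self.reverse[self.forward[key]] = value
        return self.forward[key]

    def redact(self, text):
        text = self.name_re.sub(lambda m: self._token("STUDENT", m.group()), text)
        for kind, rx in PATTERNS.items():
            text = rx.sub(lambda m, k=kind: self._token(k, m.group()), text)
        return text

    def restore(self, text):
        unknown = set(PLACEHOLDER.findall(text)) - set(self.reverse)
        if unknown:  # a placeholder the mapping never issued: fail closed
            raise ValueError(f"unmapped placeholders: {sorted(unknown)}")
        return PLACEHOLDER.sub(lambda m: self.reverse[m.group()], text)
```

Pattern and roster matching only catches direct identifiers in known shapes; the indirect identifiers from Step 1 still need human review before the text is sent. Restoring writes the canonical roster name for every alias of a student.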

Practical Implementation for Schools

Here's what FERPA-compliant AI workflows look like for common education use cases:

Report Card Comments

Risky workflow: Paste student records into Claude to generate personalized comments.

Compliant workflow:

  1. Export student data from your SIS
  2. Run through redaction to replace names and identifiers
  3. Submit to Claude: "Write report card comments for [STUDENT-1] based on these academic indicators, maintaining all placeholders"
  4. Review AI output (contains [STUDENT-1], [GRADE-X], etc.)
  5. Import into SIS where your system maps placeholders to actual students

IEP Development

Risky workflow: Upload student evaluation data to Claude to help draft IEP goals.

Compliant workflow:

  1. Redact all student identifiers from evaluation data
  2. Submit to Claude: "Based on these assessment results for [STUDENT-1], suggest measurable IEP goals for [DISABILITY-TYPE]"
  3. Review suggestions and refine
  4. Add student-specific details within your secure IEP management system

Curriculum Analysis

Risky workflow: Send class rosters with performance data to Claude for analysis.

Compliant workflow:

  1. Aggregate and anonymize data so individual students cannot be identified
  2. Submit aggregate patterns to Claude: "What interventions might help students showing this performance pattern?"
  3. Apply insights at the classroom level without processing individual records through AI

Parent Communication

Risky workflow: Ask Claude to draft parent emails about specific student situations.

Compliant workflow:

  1. Use redacted templates: "Draft an email to parents of [STUDENT-1] regarding [ACADEMIC-ISSUE]"
  2. Review and customize AI output
  3. Add student-specific details and send from your school email system

The Compliance Trajectory

Education AI governance is tightening. The Department of Education has doubled down on FERPA enforcement and transparency in 2025, making it clear that compliance is no longer a box-checking exercise. Schools are expected to demonstrate proactive protections.

Experts note that FERPA lacks clear cybersecurity requirements even though schools rely on hundreds of ed-tech tools. The next wave of FERPA enforcement will likely combine transparency requirements with explicit technology and security obligations.

A 2025 Center for Internet Security survey found that 82% of K-12 schools experienced at least one cyber incident between July 2023 and December 2024. The average breach costs $3.76 million for K-12 districts and $4.02 million for higher education institutions.

Schools that build proper AI governance now will be better positioned when regulations tighten. Those that wait will face the same requirements with less implementation time and more regulatory scrutiny.

The Bottom Line

Claude is not FERPA compliant by default. Consumer versions should never be used with student education records. Enterprise and education tiers can support compliant workflows with proper contractual frameworks and implementation controls.

For educational institutions that want AI productivity benefits without FERPA exposure:

  • Treat consumer Claude as completely off-limits for any work involving student data
  • Establish appropriate enterprise agreements if using Claude directly with student information
  • Implement redaction workflows that strip student identifiers before AI processing
  • Build audit logging that documents AI-assisted work
  • Update district policies to address AI tools explicitly
  • Train staff until the compliant pathway is second nature

The 37.6 million student records already exposed in data breaches represent children whose identities may be compromised for decades. The PowerSchool breach demonstrated that even trusted vendors can be compromised by a single determined attacker.

AI tools can genuinely help educators. Report card comments, curriculum development, administrative tasks: these use cases offer real time savings. But those benefits must be balanced against the privacy protections that students and families deserve.

Get the infrastructure right, and AI becomes a powerful tool that enhances education while protecting student privacy. Get it wrong, and you're adding to the breach statistics that already define education as the most attacked sector in cybersecurity.


PaperVeil lets you redact sensitive information from documents before they touch any AI system. Detect and remove student identifiers, family information, and education records automatically. Generate the audit trails that FERPA compliance requires. The redaction layer that makes AI document processing actually safe for education.