Philterd

Talk to an Expert

Tell us about your stack and the privacy problems you're trying to solve. We typically respond within one business day.

Prefer to skip the form? Pick a time on our calendar →
or send a message

← All policies

Education · Philterd

FERPA Student Records Redaction

Remove personally identifiable information from student educational records per FERPA (20 USC 1232g; 34 CFR Part 99).

View policy → Download JSON → View source on GitHub
v1.0.0 Updated 2026-05-18 Philter >=3.0.0 By Philterd
FERPAeducationK-12higher-edstudent records20 USC 1232g

The policy

The full ferpa-student-records.json file — the same content you’d get by downloading. Copy any part of it, or use the buttons in the hero to grab the whole file.

{
  "name": "ferpa-student-records",
  "config": {
    "splitting": {
      "enabled": false,
      "threshold": 4000
    }
  },
  "ignored": [],
  "identifiers": {
    "personsName": {
      "personsFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[STUDENT]", "conditions": "confidence > 60"}
      ]
    },
    "date": {
      "onlyValidDates": true,
      "dateFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-DATE]", "conditions": "context == \"birth\""}
      ]
    },
    "ssn": {
      "ssnFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-SSN]"}
      ]
    },
    "phoneNumber": {
      "phoneNumberFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-PHONE]"}
      ]
    },
    "emailAddress": {
      "emailAddressFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-EMAIL]"}
      ]
    },
    "address": {
      "addressFilterStrategies": [
        {"strategy": "REDACT", "redactionFormat": "[REDACTED-ADDRESS]"}
      ]
    },
    "identifiers": [
      {
        "id": "student-id",
        "pattern": "\\b(?:SID|STUDENT[\\s-]?ID)[\\s:#]*\\d{6,}\\b",
        "caseSensitive": false,
        "identifierFilterStrategies": [
          {"strategy": "REDACT", "redactionFormat": "[REDACTED-SID]"}
        ]
      },
      {
        "id": "lunch-id",
        "pattern": "\\b(?:LUNCH[\\s-]?ID|MEAL[\\s-]?ID)[\\s:#]*\\d{4,}\\b",
        "caseSensitive": false,
        "identifierFilterStrategies": [
          {"strategy": "REDACT", "redactionFormat": "[REDACTED-LUNCHID]"}
        ]
      }
    ]
  }
}

Example

Input

Student Sarah Johnson (SID 887623, born 2008-09-15) earned a B+ in Algebra II during Spring 2025. Contact parent at jjohnson@example.com or (555) 867-5309.

Output

Student [STUDENT] ([REDACTED-SID], born [REDACTED-DATE]) earned a B+ in Algebra II during Spring 2025. Contact parent at [REDACTED-EMAIL] or [REDACTED-PHONE].

Entities this policy acts on

STUDENTDATESSNPHONEEMAILADDRESSSTUDENT_IDLUNCH_ID

What this policy does

Redacts personally identifiable information from student educational records as defined by the Family Educational Rights and Privacy Act (FERPA) — the federal law governing disclosure of student records by schools that receive federal funding.

This policy targets the PII fields that identify a specific student:

  • Student names — redacted to [STUDENT] (confidence-gated to avoid misfires on school names, building names, and common nouns)
  • Birthdates — fully redacted when the date appears in a birth-related context
  • SSNs — fully redacted (rare in modern student records but still appears in older systems and financial-aid forms)
  • Phone, email, address — redacted (student or parent contact information)
  • Student IDs — redacted with a custom identifier pattern (default matches SID 887623, Student-ID: 887623, etc.)
  • Lunch/meal program IDs — redacted (these are educational-record-linked identifiers under FERPA)

It preserves the educational substance: grades, course names, term/semester references, narrative observations, attendance summaries. Those are the records’ actual content; you usually want them for the analytical or operational purpose the redacted records are being used for.

When to use this

  • Sharing data with external evaluators or researchers (school districts running effectiveness studies with university partners)
  • Inter-district transfers of de-identified cohort data for benchmarking
  • Reporting to state education agencies where the requested record doesn’t need to be student-linkable
  • EdTech vendor data sharing under written consent or under FERPA’s school-official exception
  • Internal analytics across schools where the analytics team shouldn’t have access to identified records

When to customize

  • Directory information. FERPA permits schools to disclose certain “directory information” (typically name, address, phone, dates of attendance, photographs, awards, participation in officially recognized activities) without consent — provided parents/students have been notified annually and given the opportunity to opt out. If you’ve collected directory-information opt-outs and want a less-aggressive variant for the opt-in records, remove the personsName and address entries (or build a parallel ferpa-directory-allowed.json policy).
  • Student ID format. The default regex matches SID 887623, Student ID: 887623 with 6+ digits. Replace with your district’s actual format (state IDs, federal IDs, or proprietary SIS identifiers).
  • Confidence threshold. > 60 for names is moderate. School records have many proper nouns (school names, building names, district names, sports teams) that Philter can occasionally misclassify as personal names. Raise to > 75 if you see false positives.
  • Parent/guardian names. Not separately tagged — they get caught by personsName like any other name. If your use case treats parent contact info differently (e.g., emergency outreach preserved, marketing redacted), build a custom variant.
  • Special-education and IEP records. These often contain additional sensitive content (disability diagnoses, medical history, behavioral observations) that go beyond standard FERPA PII. Pair this policy with a healthcare/PHI policy when redacting IEP narratives.

Compliance notes

  • FERPA applies to schools that receive funding under any program administered by the U.S. Department of Education — K-12 public schools, charter schools, post-secondary institutions, and certain private schools.
  • “Educational records” are interpreted broadly: grades, transcripts, disciplinary records, counseling notes, special-education records, financial-aid records, attendance, and most narrative records maintained by school officials.
  • Schools must obtain written consent from parents (or the student, once age 18 or attending post-secondary) before disclosing PII from educational records — subject to specific exceptions (school officials with legitimate educational interest, other schools the student is transferring to, audit/evaluation, etc.).
  • This policy redacts PII fields, but does not by itself constitute de-identification under FERPA’s standards (34 CFR 99.31(b)). True de-identification under FERPA requires a “reasonable determination” that a student’s identity is not personally identifiable, considering all available information. Statistical evaluation is recommended for records shared as de-identified.
  • State laws (e.g., the California Student Online Personal Information Protection Act — SOPIPA) may impose additional or stricter requirements. This policy is FERPA-baseline.

References

Use this policy

Download and load into your running Philter instance:

# Download the policy
curl -O https://raw.githubusercontent.com/philterd/pii-redaction-policies/main/policies/philterd/education/ferpa-student-records.json

# Upload to your Philter instance
curl -X POST http://localhost:8080/api/policies \
     -H "Content-Type: application/json" \
     --data @ferpa-student-records.json

# Redact text using the policy
curl http://localhost:8080/api/filter?p=ferpa-student-records \
     --data "your text here" \
     -H "Content-Type: text/plain"

No Philter instance yet? Deploy one in 5 minutes → · Want to tune this policy against your data? Talk to the team.

← All policies