I am leading the development of a student information system product.<p>There is a disagreement with my product team and a different department on if our access control is FERPA compliant. I am building a document and making my case to our legal department.<p>Does anyone know of any resources that give examples of what is and what is not FERPA compliant, specifically related to EdTech? Specifically for software that only school administrators will be using?<p>The verbiage in the law is vague, and the only examples I see are so far removed from the particular nuance of what we are debating. The examples I can find are like “football coach telling the team his running back isn’t playing because he’s failing math”. But our sticking point is an extremely nuanced level of access based off a permutation not supported in our inheritance structure. It is literally the only case out of 200 that our architecture doesn’t support without massive changes.