The incident superintendents fear
An administrator asks Copilot to “email parents about tomorrow's schedule change for the basketball team.” The draft pulls a roster with student names, includes an IEP accommodation note from a shared folder, and cc's a listserv that includes community partners not authorized for student data.
Nobody meant to violate FERPA. There was no approval gate before send — and no log showing which student fields Copilot accessed.
Why acceptable use policies aren't enough
Most districts published AI guidance in 2024–2025. Staff still use Copilot daily because it saves time. The enforcement gap is at the point of action: sending email, exporting rosters, and updating SIS fields, not drafting lesson ideas.
- Student information systems connected to admin workflows
- Shared drives with IEP and discipline records mixed with general docs
- ChatGPT Enterprise plugins reaching ticketing or transportation systems
- Parent portals updated from AI-generated summaries
Controls a small district IT team can maintain
Student PII export blocked by default
Bulk roster downloads and copy-out flows require administrator approval and logging.
Parent & community email approval
Messages that include identifiable student information route to principal or FERPA designee.
Role-based access to sensitive folders
AI inherits user permissions — tighten folders first, then enforce action-level policy.
Audit trail for board and counsel
Document what AI accessed and who approved outbound communication.
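The approval gate and audit record described in the controls above, applied to the email from the opening incident. This is an added example, not code from the original page or from any product; the field names, role names, addresses and the `evaluate` function are assumptions for illustration.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumptions (not from the page): field names, roles and addresses are illustrative.
IDENTIFIABLE = {"student_name", "student_id", "iep_accommodation", "discipline_record"}
REQUIRED_APPROVER = {                      # action kind -> roles allowed to approve
    "export_roster": {"administrator"},
    "send_email": {"principal", "ferpa_designee"},
}
AUTHORIZED_RECIPIENTS = {"parents-basketball@district.example"}  # constructed

@dataclass
class Action:
    user: str
    kind: str                               # "send_email" or "export_roster"
    fields_accessed: set
    recipients: list = field(default_factory=list)
    approver: str = ""                      # empty until someone approves
    approver_role: str = ""

def evaluate(action, audit_log):
    """Decide allow/hold for one AI-initiated action and append an audit record."""
    pii = sorted(action.fields_accessed & IDENTIFIABLE)
    reasons = []
    if pii:
        reasons.append(f"{action.kind} includes identifiable student fields: {pii}")
        unverified = [r for r in action.recipients if r not in AUTHORIZED_RECIPIENTS]
        if unverified:
            reasons.append(f"recipients not verified for student data: {unverified}")
    approved = action.approver_role in REQUIRED_APPROVER.get(action.kind, set())
    decision = "allow" if not pii or approved else "hold_for_approval"
    audit_log.append(json.dumps({           # logged for every action, held or not
        "time": datetime.now(timezone.utc).isoformat(),
        "user": action.user, "action": action.kind,
        "fields_accessed": sorted(action.fields_accessed),
        "recipients": action.recipients, "decision": decision,
        "reasons": reasons, "approved_by": action.approver if approved else None,
    }))
    return decision, reasons

if __name__ == "__main__":
    log = []
    draft = Action("admin1", "send_email",  # constructed sample of the incident draft
                   {"student_name", "iep_accommodation", "schedule"},
                   ["parents-basketball@district.example",
                    "community-partners@district.example"])
    print(evaluate(draft, log))             # held: PII present, nobody approved
    draft.recipients = draft.recipients[:1] # approver drops the partner listserv
    draft.approver, draft.approver_role = "principal1", "principal"
    print(evaluate(draft, log))
    print("\n".join(log))
```

The gate only sees the fields it is told about, so the AI integration has to report every field it read for the audit record to be useful to board or counsel.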