Student Record Redaction: GDPR and FERPA Guide for Schools

This article is for general informational purposes only and does not constitute legal advice. Regulatory requirements vary by jurisdiction and change over time. Consult a qualified legal professional for advice specific to your organisation's circumstances.

A primary school in Sunderland receives a Subject Access Request from a parent asking for every record the school holds about their child. At the same time, the SENCO is preparing an Education, Health and Care plan for a tribunal hearing, and the designated safeguarding lead is reviewing a referral to children's services. All three situations require someone to handle sensitive information about children correctly - often with no dedicated data protection resource and no legal team on call.

Schools sit in an unusual position under data protection law. The data they hold is among the most sensitive in any sector - medical history, family circumstances, developmental assessments, child protection concerns - and the consequences of getting it wrong are serious. Yet the resources available to get it right are often thin, particularly in maintained state schools operating under budget pressure.

This guide covers the main disclosure and redaction scenarios schools encounter: SAR responses, SEND tribunal document preparation, safeguarding records, school transfer, court-ordered disclosure, Ofsted inspections, and CME referrals. It covers UK GDPR obligations and, where relevant, the different framework that applies to schools in the United States under FERPA.

The records schools hold - and why they are sensitive

Schools accumulate substantial personal data over a pupil's time in their care. Beyond names and addresses, this routinely includes attendance records, behavioural incident logs, Special Educational Needs and Disabilities (SEND) assessments, Educational Psychology reports, safeguarding referrals and case notes, medical information, family background details, and communications between staff about individual pupils.

Several categories carry elevated sensitivity under UK GDPR Schedule 1 of the Data Protection Act 2018. Health data, information about criminal convictions, and data revealing a child's racial or ethnic origin all require stronger justification for processing and disclosure. Safeguarding records frequently contain all three.

The ICO publishes guidance specifically on education information and SARs, including the specific rights parents have to access their child's records and how those rights interact with the child's own developing rights as they mature. A child's right to access their own records is separate from a parent's right, and the two can come into tension in secondary education.

Responding to a SAR from a parent

When a parent submits a SAR for their child's records, the school has one calendar month to respond under Article 12(3) of UK GDPR. The clock runs from receipt of the request, not from when the school acknowledges it. For maintained schools, the obligation covers the full range of records held - not just those in the main pupil file.

Before releasing anything, the redaction question is: what information in these records relates to someone other than the child? Teacher names and contact details are not the child's personal data. References to other pupils - a behavioural incident involving multiple students, observations about a pupil's peer relationships - typically need to be redacted to protect those third parties. Internal staff opinions about a pupil's behaviour or progress are generally in scope: they are the child's personal data, even if unflattering.

There is one consistent exception worth flagging. Safeguarding records may contain information that, if disclosed, could place the child or another person at risk of harm. Under Section 45 of the Data Protection Act 2018, disclosure can be withheld where it would be likely to cause serious harm to the physical or mental health of the data subject or another person. This exemption is applied narrowly - the ICO does not accept routine child protection records as automatically exempt - but it exists precisely for high-risk disclosure decisions.

Schools with no dedicated DPO and no legal support can find SAR responses genuinely difficult. The free tier of redaction tools is a realistic starting point for a maintained primary school that receives the occasional SAR: it handles the detection and pixel-burn redaction of common identifiers without requiring IT procurement or software installation. Where volume increases or redaction decisions become complex, Core or Pro tiers add AI-assisted detection and audit trails.

SEND tribunals and EHCP document preparation

When a parent appeals to the First-tier Tribunal (SEND) - formerly SENDIST - the school and local authority are required to submit a Working Document, which typically includes the Education, Health and Care (EHC) plan, supporting assessments, correspondence, and school records. This bundle is shared with the tribunal, the parent, and in some cases the child's legal representatives.

Document preparation for SEND tribunals requires careful decisions about what to include and what to redact. Third-party information that is not relevant to the appeal - safeguarding material about unrelated concerns, information about siblings, references to other pupils - should generally be removed before the bundle is submitted. The EHCP itself rarely needs redaction of the child's information, since that is the subject matter of the proceedings. But associated records often contain incidental references that warrant attention.

Published guidance on the Working Document process is available from the Ministry of Justice and HMCTS. The SEND23 working document guidance sets out what should be included. What it does not tell you is how to redact the associated evidence bundle - that judgment falls to the school and local authority preparing it.

SEND coordinators and SENCOs preparing tribunal bundles are often doing so under time pressure, without legal support, and with limited familiarity with data protection obligations. Getting the redaction step wrong in a tribunal context - either over-redacting material the tribunal needs or under-redacting third-party information - creates problems on both sides. Permanent redaction of identified material, with a record of what was removed and why, is the defensible approach.

Safeguarding records: disclosure with particular care

Safeguarding records are subject to heightened handling obligations. They contain child protection concerns, referrals to children's services, records of multi-agency strategy discussions, and sometimes detailed family background information. Schools are expected to keep these records separate from the general pupil file, with restricted access.

Two disclosure scenarios arise regularly. First: a court or tribunal orders disclosure of safeguarding records as part of family proceedings. This is a legal obligation, and the school generally cannot refuse. But the order will typically specify what is required, and material outside the scope of the order can be redacted. Second: a parent requests their child's safeguarding records as part of a SAR. Here, the school must consider the DPA 2018 Section 45 exemption carefully, taking advice where the content relates to current or ongoing concerns.

The ICO launched updated guidance for the education sector on data sharing to support child safeguarding, which covers the lawful basis for sharing information with children's services, police, and other agencies. The guidance makes clear that data protection law is not a barrier to sharing information where safeguarding concerns exist - but that sharing should be proportionate and purposeful.

Records on transfer and Ofsted inspections

When a pupil transfers to another school, records follow them. The receiving school's legitimate interest in the pupil's educational history, SEND status, and safeguarding concerns justifies transfer. But not everything transfers. Administrative communications that refer to other pupils, internal staff assessments not relevant to the new school's purposes, or family information beyond what the receiving school needs should be reviewed before transfer rather than bundled wholesale.

Ofsted inspections create a different challenge. Inspectors are entitled to access pupil records during an inspection, but their access is to records held for educational purposes - not a general right to review everything the school holds. Schools should understand what records inspectors can request and which categories (such as detailed safeguarding case files managed by the local authority rather than the school) sit outside what the school itself is expected to produce.

Children missing education (CME) referrals - where a school reports a child believed to be missing from education to the local authority - involve sharing personal data with a statutory recipient for a statutory purpose. The referral should contain what the local authority needs to locate the child; it should not contain unrelated safeguarding detail or information about siblings not relevant to the specific concern.

Redacting school documents: the practical steps

The process is the same regardless of which disclosure trigger applies:

• Convert documents to PDF if they are in Word, Excel, or other editable formats. Redacting within native Office formats risks leaving data in revision history, comments, or tracked changes.
• Run automated PII detection to catch standard identifiers: names, dates of birth, addresses, NHS numbers, contact details, and reference numbers. This handles the volume.
• Review manually for contextual identifiers - information that does not look like PII but could identify a child, family member, or third party in context.
• Apply pixel-burn redaction, not overlay. Overlay is reversible. Pixel-burn permanently destroys the underlying text.
• Verify before sending: try to select text in redacted areas, and search for strings you know were redacted.

Maintaining a brief redaction log - noting what was removed from each document and under which exemption - is good practice even where not legally required. It is the record you will need if a disclosure decision is later challenged.

For a broader overview of the redaction process, our guide to redacting documents for disclosure covers the full workflow in detail. If your school is working towards a written redaction policy, our redaction policy template is a practical starting point.

Frequently asked questions