Daystage
Teacher reviewing privacy compliance requirements for school newsletters
Guides

School Newsletter Compliance: What Teachers Need to Know About FERPA, COPPA, and Privacy

By Dror Aharon·February 16, 2026·9 min read
Checklist of compliance requirements for school newsletter privacy laws

Privacy laws affect school newsletters more than most teachers realize. Not because newsletters are high-risk in general, but because they involve student information, parent contact data, and digital communication infrastructure. This guide covers the legal framework in plain language, without legal advice. For specific guidance on your school's legal obligations, consult your district's legal counsel.

FERPA: What it covers and what it means for newsletters

FERPA (Family Educational Rights and Privacy Act) is the primary US federal law governing student educational records. It restricts what educational institutions can share about individual students without parent consent.

For classroom newsletters, FERPA is relevant when newsletters include:

  • Individual student names in context that identifies their academic performance, behavior, or other educational records
  • Photos that identify specific students (name + image combined)
  • Discipline or behavioral information about specific students
  • Grade information, test scores, or academic performance for named students

What FERPA does not restrict: general classroom information ("we are studying fractions this week"), collective student information without identification ("the class did well on the science quiz"), or information that does not come from educational records.

The practical rule for school newsletters: write about the class collectively, not about individual students by name in a way that reveals educational record information. "Marcus is reading at a 2nd grade level" in a newsletter sent to the whole class list is a FERPA concern. "We are starting differentiated reading groups this week" is not.

Student photos and image consent

Most school districts require parent consent before publishing photos of students in any context outside the classroom: school websites, newsletters, social media, or physical publications. This consent is typically collected at enrollment through a media release or photo consent form.

Before including any student photos in your newsletter:

  1. Verify your school's photo policy with your main office or principal
  2. Confirm which students have photo consent on file
  3. Do not publish photos of students without confirmed consent, even in a "closed" parent newsletter (it is not truly closed once it is in email)

When you want to show classroom activity without photo consent complications: photograph student work (without student names visible), classroom materials, or the physical classroom environment. These do not identify students and do not require consent.

COPPA and student data in newsletter tools

COPPA (Children's Online Privacy Protection Act) restricts the collection of personal data from children under 13 without verifiable parental consent. COPPA applies to the newsletter tool's data practices, not just to newsletter content.

When you use a school newsletter tool, check: does the tool collect any data about students directly? Most newsletter tools are designed for teacher-to-parent communication and collect only parent email addresses, not student data. This is the correct approach for COPPA compliance.

Tools that ask teachers to create student accounts, collect student names and grades, or enable student login are collecting student data and must handle COPPA compliance appropriately. Ask your district's technology coordinator whether any newsletter tool you use has a signed COPPA-compliant agreement with the school or district.

Daystage collects subscriber email addresses (parent emails) and newsletter engagement data (opens, clicks). It does not collect student personal data and does not require student accounts. This is the correct privacy profile for a teacher-to-parent newsletter tool.

CAN-SPAM: Requirements for email newsletters

CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing Act) applies to commercial email, but its requirements function as practical guidance for any bulk email, including school newsletters. CAN-SPAM requires:

  • A physical address in the email (usually the school's address in the footer)
  • A clear way to unsubscribe from future emails
  • Honoring unsubscribe requests within 10 business days
  • Accurate sender information (the from name and email address must identify who is actually sending)
  • Non-deceptive subject lines (the subject line must accurately reflect the email's content)

Reputable newsletter tools, including Daystage, handle most of these requirements automatically. The school's address in the footer comes from the school profile setup. The unsubscribe link is added automatically to every email. Unsubscribe requests are processed without teacher involvement.

What teachers should verify: that the school's physical address in the newsletter footer is accurate, and that the from-email address is a real address that can receive replies.

GDPR and international considerations

GDPR (General Data Protection Regulation) is a European Union privacy regulation that applies when schools have parents who are EU residents or when the newsletter tool is hosted in the EU. Most US public schools do not have significant GDPR exposure, but some private schools with international enrollment may.

GDPR's core requirements relevant to school newsletters: lawful basis for processing parent email addresses (consent or legitimate interest), parent right to access and delete their data, and breach notification requirements. If your school has EU families, consult your legal counsel on GDPR applicability.

Practical compliance checklist for newsletter tools

Before committing to a school newsletter tool, verify:

  1. The tool has a privacy policy and terms of service that you can share with your district
  2. The tool offers a signed data processing agreement (DPA) for schools that require it
  3. The tool does not collect student personal data (only parent email addresses)
  4. The tool includes unsubscribe links in every email automatically
  5. The tool includes the school's physical address in the email footer
  6. The tool's data is stored in a region compatible with your school's data residency requirements

What to do when in doubt

Privacy law questions that go beyond this guide belong to your district's legal counsel or technology coordinator, not to a newsletter tool's help documentation. Your district likely already has approved vendor lists and data processing agreement templates. Check whether the newsletter tool you want to use is on the approved list before signing up for a paid plan.

For individual classroom teachers on free plans: the primary compliance action items are checking the tool's privacy policy, not including individual student educational record information in newsletters, and verifying photo consent before publishing student images.

The bottom line

School newsletter compliance is not complicated for typical classroom use. Write about the class collectively, not about individual students. Verify photo consent before using student images. Use a newsletter tool that includes unsubscribe links and a school address automatically. For anything beyond these basics, your district's legal and technology teams are the right resource.

Ready to send your first newsletter?

40 newsletters per school year, free. No credit card. First one ready in under 5 minutes.

Get started free