FERPA, COPPA, and Coach Evaluations: What Athletic Directors Need to Know
Why Compliance Matters for Coaching Evaluations
When you ask student-athletes to complete a coaching evaluation survey, you're collecting data from minors in a school setting. Depending on how the survey is designed and distributed, federal privacy laws may apply.
The two relevant laws are FERPA (Family Educational Rights and Privacy Act) and COPPA (Children's Online Privacy Protection Act). Both regulate how information about minors is collected, stored, and used. Neither was written with coaching evaluations in mind, but both can apply if the survey is designed in certain ways.
The good news: compliance isn't complicated if you understand what triggers each law and design your evaluation process accordingly. Most compliance concerns can be avoided entirely through thoughtful survey design.
This post explains how each law applies to coaching evaluations, identifies the design choices that create compliance obligations, and provides practical guidance for running legally sound evaluation programs.
FERPA: The Basics
FERPA protects the privacy of student education records in schools that receive federal funding. This includes virtually every public school and most private schools in the United States.
Under FERPA, education records are any records maintained by a school that are directly related to a student. This includes grades, transcripts, disciplinary records, and any other documents that contain personally identifiable information (PII) about a student.
FERPA gives parents the right to:
- Access their child's education records
- Request corrections to inaccurate records
- Consent to the disclosure of PII from education records (with certain exceptions)
When a student turns 18, these rights transfer to the student.
The key question for coaching evaluations: Does the survey create an education record?
When FERPA Applies to Coaching Evaluation Surveys
A coaching evaluation survey triggers FERPA obligations when it collects student personally identifiable information and the responses are maintained by the school.
PII under FERPA includes:
- Student name
- Student ID number
- Student email address (school-issued)
- Date of birth
- Social Security number
- Any information that, alone or in combination, could identify a specific student
If your evaluation survey asks athletes to log in with a school account, enter their name, or provide a student ID, the responses become education records tied to an identifiable student. At that point, FERPA applies, and you need parental consent to collect the data unless the survey falls under a recognized FERPA exception.
The "Directory Information" Exception
FERPA allows schools to disclose "directory information" without consent. Directory information typically includes a student's name, address, telephone number, and similar items. However, survey responses are not directory information. They contain the student's opinions and experiences, which go well beyond basic identifiers.
The "School Official" Exception
FERPA permits disclosure of education records to school officials with a legitimate educational interest. An Athletic Director reviewing evaluation data that includes student PII could potentially fall under this exception, but relying on it creates administrative overhead. You'd need to ensure that the survey responses are treated as education records with all the protections that entails: secure storage, access controls, parent access rights, and retention policies.
The Simplest Path: Don't Collect Student PII
The cleanest approach to FERPA compliance is to design evaluation surveys that don't collect student PII in the first place. If the survey doesn't ask for names, student IDs, email addresses, or any identifying information, and responses can't be linked back to individual students, the responses are not education records under FERPA.
This means:
- No student login required
- No name field on the survey
- No student ID or email collection
- Distribution via anonymous QR codes or generic links, not personalized URLs
- Responses stored without any student identifiers
When evaluation surveys are truly anonymous, FERPA simply doesn't apply to the survey responses. This eliminates an entire category of compliance concerns.
COPPA: The Basics
COPPA regulates the online collection of personal information from children under 13. It applies to websites and online services directed at children, or that have actual knowledge that they're collecting information from children under 13.
Under COPPA, operators must:
- Post a clear privacy policy
- Provide notice to parents about data collection practices
- Obtain verifiable parental consent before collecting personal information from children under 13
- Give parents the ability to review and delete their child's information
- Maintain the confidentiality, security, and integrity of collected data
"Personal information" under COPPA includes: name, email address, phone number, physical address, Social Security number, photos, videos, audio recordings, geolocation, and persistent identifiers (like cookies or device IDs) that can be used to track a child across websites.
When COPPA Applies to Coaching Evaluation Surveys
COPPA is primarily relevant for middle school athletic programs, or any program that includes athletes under 13. Most high school athletes are 14-18, placing them outside COPPA's scope. But if your athletic department includes 7th and 8th graders (common in programs that combine middle and high school athletics), COPPA may apply.
COPPA applies when:
- The evaluation platform is an "online service." Web-based survey tools qualify.
- The platform collects "personal information" from children under 13. If the survey asks for a name, email, or any other personal identifier from a student under 13, COPPA is triggered.
- The platform is "directed at children" or has "actual knowledge" of collecting from children under 13. A coaching evaluation platform used in schools has actual knowledge that some respondents may be under 13.
Parental Consent Under COPPA
If COPPA applies, you need verifiable parental consent before collecting personal information. "Verifiable" means more than just a checkbox. The FTC requires methods that provide reasonable assurance that the person giving consent is actually the child's parent. Accepted methods include signed consent forms, credit card verification, and government ID verification.
For a coaching evaluation survey, this level of consent is impractical. It would require individual parental consent for every athlete under 13 before they could complete a survey, creating a significant administrative burden and likely reducing participation to the point where the data isn't reliable.
The Simplest Path: Don't Collect Personal Information
Just as with FERPA, the cleanest COPPA compliance strategy is to avoid collecting personal information from minors entirely. If the survey doesn't ask for names, emails, phone numbers, or any other personal identifier, and the platform doesn't set persistent tracking cookies or collect device identifiers, COPPA's consent requirements don't apply.
Anonymous survey access through QR codes, with no account creation, no login, and no personal information collection, avoids triggering COPPA regardless of the respondent's age.
Best Practices for Compliance
1. No Student Accounts
Do not require students to create accounts on your evaluation platform. Accounts require personal information (at minimum a username and password, often an email). This creates FERPA records and potentially triggers COPPA consent requirements.
Instead, use anonymous access methods. QR codes distributed at practice let athletes access the survey on their personal devices without logging in. The survey collects their responses without any link to their identity.
2. No Email Collection from Students
Email addresses are personally identifiable information under both FERPA and COPPA. Don't collect them from student respondents. If you need to distribute surveys to parents, collect parent email addresses through existing school communication channels, not through the students.
3. QR Code Distribution
In-person QR code distribution at practice is the gold standard for compliance and participation. The coach or Athletic Director displays a QR code. Athletes scan it with their phones. The survey opens in a browser without any login. No personal information is collected. No accounts are created.
This method:
- Avoids FERPA concerns (no student PII collected)
- Avoids COPPA concerns (no personal information from minors)
- Produces high completion rates (90%+ when done during practice)
- Takes 2-3 minutes of team time
4. Minimum Response Thresholds
Even when surveys are anonymous, small response groups can make individual respondents identifiable. If only 2 athletes respond, their individual responses are essentially visible in the aggregate data.
Set a minimum threshold (typically 5 responses) below which data from a rater group is not displayed. This protects individual privacy even in anonymous surveys and prevents situations where a respondent could be identified through context ("I was one of only three freshmen on the team").
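The threshold rule above, sketched as an added example (not code from any evaluation platform; `build_report`, `MIN_RESPONSES` and the sample data are assumptions made for illustration). It goes one step beyond the text by also withholding the overall row when subtracting the displayed groups from it would expose a hidden group smaller than the threshold.

```python
from collections import defaultdict
from statistics import mean

MIN_RESPONSES = 5  # threshold from the text; groups below it are never displayed


def build_report(responses, k=MIN_RESPONSES):
    """responses: iterable of (rater_group, score) with no respondent identifiers."""
    by_group = defaultdict(list)
    for group, score in responses:
        by_group[group].append(score)

    shown, suppressed = {}, []
    for group, scores in sorted(by_group.items()):
        if len(scores) >= k:
            shown[group] = {"n": len(scores), "mean": round(mean(scores), 2)}
        else:
            suppressed.append(group)  # publish neither the count nor the mean

    # Differencing check: overall minus the shown groups equals the hidden
    # respondents. Publish the overall row only if that remainder is empty
    # or is itself at least k responses.
    hidden_n = sum(len(by_group[g]) for g in suppressed)
    all_scores = [s for scores in by_group.values() for s in scores]
    overall = None
    if len(all_scores) >= k and (hidden_n == 0 or hidden_n >= k):
        overall = {"n": len(all_scores), "mean": round(mean(all_scores), 2)}

    return {"groups": shown, "suppressed": suppressed, "overall": overall}


# Constructed sample data: (class year, 1-5 rating); no names, IDs or emails.
SAMPLE = (
    [("senior", s) for s in (4, 5, 4, 3, 5, 4)]
    + [("junior", s) for s in (3, 4, 4, 5, 2)]
    + [("freshman", s) for s in (1, 2, 1)]
)

if __name__ == "__main__":
    print(build_report(SAMPLE))
```

With the sample data, the three freshman responses are suppressed and the overall row is withheld too, because 14 total responses minus the 11 displayed would reveal exactly what the three freshmen said.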
5. Comment Screening for Identifying Information
Student-athletes sometimes include identifying details in open-ended responses without realizing it. "As the team captain, I think..." or "During the game where I had 20 points..." reveal the writer's identity.
AI-powered comment screening catches these instances and flags them for your review. You can redact the identifying details while preserving the substantive feedback. This protects the respondent's anonymity and avoids creating an indirect PII link in the evaluation data.
6. Data Retention Policies
Both FERPA and COPPA emphasize data minimization. Don't retain data longer than necessary. Evaluation data should be stored only as long as it serves a legitimate educational or administrative purpose.
Define clear retention periods:
- Active evaluation data: retained for development conversations and longitudinal tracking
- Archived evaluation data: retained for a defined period (3-5 years is common) for personnel documentation
- Deleted after retention period: data is permanently removed from the platform
Document these policies and share them with stakeholders.
Common Misconceptions
"We need parental consent for any student survey."
Not necessarily. FERPA and COPPA consent requirements are triggered by the collection of personal information. Truly anonymous surveys that don't collect student PII don't require FERPA consent. COPPA consent is only required when personal information is collected from children under 13.
Some states and districts have additional survey consent requirements (like the Protection of Pupil Rights Amendment, or PPRA), which may require consent for surveys on certain sensitive topics. Check your state and district policies, but don't assume that all student surveys require parental consent by default.
"Anonymous surveys are never really anonymous."
Properly designed anonymous surveys are genuinely anonymous. When no login is required, no name is collected, no email is recorded, no device identifier is stored, and responses are accessed through a generic QR code, there is no mechanism to link a response to a specific student. The data literally does not exist to make the connection.
The risk to anonymity comes from small sample sizes (where context can identify respondents) and from self-identifying comments. Both are addressable through minimum response thresholds and comment screening.
"FERPA prevents us from sharing evaluation results with coaches."
FERPA protects student records, not coaching evaluation reports. If the evaluation survey doesn't collect student PII, the resulting coach report is not a student education record. It's an employee performance document. Sharing aggregated, anonymous feedback data with a coach raises no FERPA concerns.
If for some reason your survey did collect student PII, the aggregate report (which doesn't identify individual students) would generally be permissible to share under the school official exception. But again, the simplest path is to avoid collecting student PII in the first place.
"COPPA only applies to websites for kids."
COPPA applies to any online service that has actual knowledge it is collecting personal information from children under 13. A school-directed evaluation platform has actual knowledge that some users may be under 13. The protection is based on the age of the user, not the intended audience of the platform.
State-Level Considerations
Beyond FERPA and COPPA, some states have additional student privacy laws that may affect how you run evaluation surveys. Examples include:
- State student data privacy acts that impose additional restrictions on the collection and use of student data by third-party vendors
- Student survey consent laws that require parental notification or consent for surveys on certain topics
- Biometric data laws that restrict collection of biometric identifiers (generally not relevant for survey-based evaluations, but worth noting)
Check with your district's legal counsel or privacy officer about state-specific requirements. The anonymous survey design recommended in this guide will satisfy most state-level requirements, but confirm before assuming.
A Compliance Checklist for Athletic Directors
Before launching a coaching evaluation survey, verify:
- [ ] The survey does not require student accounts or logins
- [ ] The survey does not collect student names, IDs, or email addresses
- [ ] Survey distribution uses anonymous QR codes or generic links
- [ ] A minimum response threshold is set (5+ responses per rater group)
- [ ] Open-ended comments are screened for identifying information before coaches see them
- [ ] Data retention policies are documented and followed
- [ ] The evaluation platform's privacy policy is reviewed and acceptable
- [ ] State and district-specific survey requirements have been checked
If you can check every item on this list, your evaluation program is well-positioned for compliance with both FERPA and COPPA.
Getting Started
Compliance concerns should inform your evaluation design, not prevent you from evaluating coaches. The requirements are straightforward: don't collect personal information from student respondents. Use anonymous access methods. Screen comments for identifying details. Set minimum response thresholds.
These practices aren't just about legal compliance. They're about good evaluation design. Anonymous surveys produce more honest feedback. Comment screening protects coaches from harmful responses. Minimum thresholds ensure data reliability. The steps that make your evaluation legally sound are the same steps that make it produce better data.
If you're evaluating your options for coach evaluation software, confirm that any platform you consider supports anonymous QR code access, enforces minimum response thresholds, and provides comment screening for identifying information. These aren't premium features. They're baseline requirements for a compliant, effective evaluation program.