All posts by admin

Blog

Chicago Board Of Ed Should Overhaul Or Cancel Telehealth Counseling Contract

MEDIA RELEASE

October 9, 2025

CONTACT:
Cassie Creswell
Illinois Families for Public Schools
773-916-7794

Advocacy Orgs Call On Chicago Board Of Ed To Overhaul Or Cancel Telehealth Counseling Contract

CHICAGO — Yesterday five advocacy organizations sent a letter to the Chicago Board of Education and Chicago Public Schools Superintendent-CEO Macqueline King calling on them to cancel CPS’ contract with Hazel Health, a for-profit tech company providing mental health services to CPS high school students, or remedy the lack of protections for sensitive student data before the contract renews automatically on December 31, 2025.

Illinois Families for Public Schools, Legal Action Chicago, Legal Council for Health Justice, NAMI Chicago, NASW-Illinois Chapter, and the Parent Coalition for Student Privacy urged the Board to fix the lack of data protections in the contract and the consent form that parents sign in order for students to get services, along with ending the illegal targeted advertising on the Hazel website where families sign up for the program. If these significant issues can’t be rectified, then the contract should be canceled altogether.

Logos of five organizations: Illinois Families for Public Schools, Legal Action Chicago, Legal Council for Health Justice, NAMI Chicago, NASW-Illinois Chapter, and the Parent Coalition for Student PrivacyCPS contracted with Hazel Health starting last fall, and the contract will renew automatically for the first of four two-year terms on December 31, 2025 if the Board does not take any action before Dec 1. The contract is no-cost; students’ public or private insurance is billed, and additional costs appear to be covered by funding from United Healthcare. If no changes are made, the contract will run through 2033; it did not require any previous Board vote as a no-cost contract delegated to administrative approval only.

Hazel Health is a privately-held health tech startup formed in 2015 to provide both physical and mental healthcare telehealth services to public school students. A consortium of investors led by private equity firm Bain Capital hold the majority of Hazel shares, and the company has contracts with more than 180 school districts in 19 states, including many of the country’s largest: Los Angeles, Philadelphia, Houston, Miami, Jeffco (Colorado), Clark County (Nevada), and Fairfax County (Virginia). Hazel Health recently merged with an AI-based mental health startup, Little Otter, according to Axios.

Illinois’ state Student Online Personal Protection Act (SOPPA) has strong prohibitions on school contractors using students’ personally-identifiable information (PII) for commercial purposes, including targeted advertising, along with robust requirements for keeping data secure. Hazel’s parental consent form states that a student’s PII may be stolen and that the company can use their data for product development and research. The landing page that CPS sends parents to on the Hazel site has marketing trackers from Alphabet (Google’s parent company) and Amazon. Hazel’s own privacy policy says that they also have trackers from Facebook on their site.

Illinois Families for Public Schools executive director Cassie Creswell, who has been worried about how Hazel is treating student data since the district rolled out these services in March, said, “As a Chicago Public Schools parent myself, I know there is major unmet demand for therapy and counseling for students, but a no-cost contract with a for-profit company raises huge red flags about whether students are paying for this care with their data, which, frankly, is too high a price when it comes to the most sensitive possible data about minor children.”

CPS’s contract with Hazel Health provides no information about what medical, disability, counseling or mental health data the company collects, holds or generates. The company’s services are provided via video conferencing, so potentially the company is holding audio and video recordings, automatic transcriptions, counseling notes, medical, behavioral or disciplinary records, biometric information and more.

Under SOPPA, data should be cataloged in the contract between CPS and Hazel, but the current contract only includes a short list of rostering information, like a student’s name, email, grade level and parent contact information. In the wake of Hazel’s merger with health startup Little Otter, data that Hazel holds may be shared and used for training Little Otter’s AI platform.

CPS has been referring families to Hazel Health since March, and, in response to the Trump administration’s ramping up federal law enforcement and military presence in Chicago, has highlighted Hazel as a resource for students, including those in immigrant and mixed status families, LGBTQ+ students, and Black and Brown communities, who are experiencing anxiety and undergoing trauma.

“Protecting the personally-identifiable information and incredibly sensitive mental health data of students in vulnerable communities is especially crucial right now, and it is worrisome that families are being directed to a service with major unanswered questions about the level of protection of their data,” added Creswell.

“No school district should outsource its responsibility for protecting student confidentiality to private investors. CPS has a moral and legal obligation to ensure that every mental health partnership upholds the same privacy and professional standards that licensed clinicians follow every day,” said Kyle Hillman, director of legislative affairs for the National Association Of Social Workers – Illinois Chapter.

In a statement, Legal Council for Health Justice also expressed serious concerns about the use of Hazel Health’s services: “We fully support CPS’ goal of offering mental health treatment options to their students, but we can’t endorse a contract with an entity that takes so little responsibility for the security of sensitive information about those students.”

“We have also encountered overly lax privacy protections for student telehealth mental health services in New York City. But the agreement signed by Chicago Public Schools is among the worst we’ve ever encountered. The extremely sensitive personal data of students is being illegally sacrificed for commercial purposes and targeted ads in a manner that could seriously worsen their safety and emotional health,” said Leonie Haimson, co-chair of the Parent Coalition for Student Privacy.

There have been several significant ransomware attacks on school districts’ mental health data in recent years, including Los Angeles and Minneapolis. A major breach of a Finnish mental healthcare startup in 2020 resulted in blackmail attempts and deaths by suicide. CPS itself had a ransomware attack that exposed data of more than 700K students’ in early 2025, including Medicaid ID numbers.

About Illinois Families for Public Schools

Illinois Families for Public Schools (IL-FPS) is a statewide, grassroots, non-profit 501c4 advocacy group founded in 2016. IL-FPS is the voice of public school families in Springfield and across the state, advocating to defend and improve Illinois public schools. More at ilfps.org.

About the Parent Coalition for Student Privacy

The Parent Coalition for Student Privacy (PCSP) is a national grassroots advocacy organization, founded in 2014, which built on the success of parent advocates to stop the creation of inBloom, a national database of K-12 student data to be used for commercial purposes. PCSP includes parents from nearly every state and assists families in addressing individual and systemic threats to student privacy. More information at studentprivacymatters.org

###

Blog

How NYC parents can opt out of data sharing and protect their child’s privacy

 Important update:  Our special privacy briefing via Zoom has been rescheduled to Wed. Oct. 22 at 6 PM! 

Oct. 6, 2025

In May 2025, the NYC Department of Education revised Chancellor’s regulations A-820, to authorize DOE and schools to disclose a category of student personal data called Directory Information for the first time within the school  or to non-school vendors, as long as parents were provided with the right to opt out.

Yet the instructions for parents on how to opt out on the DOE website are difficult to access and understand, requiring clicks across many webpages and forms.  In some cases, the webpages omit key details, including which grade levels these disclosures apply to and the deadlines for opting out.  In at least case, the deadline listed is from last year and in the case of disclosures to charter schools requires that you know your child’s OSIS number.

  1. How to opt out of the disclosure of your child’s Directory Information

To simplify the opt out process for parents, the Parent Coalition for Student Privacy has developed a simple one page opt out form that offers all this information in a clear and organized fashion, and can be printed, filled out and handed in at your child’s school.

To be clear, this is an unofficial form that we have created based on the opt out form used by Los Angeles public schools.  Though we repeatedly urged DOE to create a similar form, they have refused to do so.  Still, we recommend you print this form , fill it out and hand it in at your school as soon as possible.

  • In any case, to ensure that the DOE recognizes your intention to opt out, you should also check our instructions on how to opt out of four different directory information disclosures that DOE intends to make: to charter schools, the military and/or colleges for recruitment purposes, as well as the National Student Clearinghouse.
  • Also, here are  instructions on how opt out of the NYC Kids Rise savings program, which DOE and the company have made especially complicated.
  • Your school is also supposed to provide you with a separate opt-out form for whatever disclosures they intend to make to other organizations and/or purposes, as well as specific information about what data will be disclosed in each case if you do not opt out. If you haven’t received that form, ask your principal or Parent Coordinate for it asap.
  • If any of these disclosures are being made to companies or individuals outside of the school community, there must also be a written agreement or contract that protects the confidentiality of your child’s personal data. This is the only significant change that we managed to convince DOE to make to improve their initial proposed regulations.  Ask your principal to provide that written agreement.

Additional questions parents should be asking about their children’s privacy and ed tech at their schools

In any case, it is important to note that  the instructions above only deal with the category of directory information provided to non-school vendors, generally for non-educational purposes.

DOE and individual schools have signed up with more than 500 ed tech companies to provide various types of services and programs, each of which collect and process personal student  data, much of it extremely sensitive.  As a result, NYC students have suffered multiple damaging data breaches over the last few years.

While in most cases, parents cannot opt out of this type of disclosure, they do have the right under NY Ed Law 2D  to be alerted as to which companies have access to their children’s personal info, how it will be protected from breaches and misuse, and how they can check to see if it is accurate and ask for it to be corrected if necessary.  See our Parent Bill of Rights summary here.

So if you are concerned about your child’s privacy, here are some additional questions that you should ask your principal or School Leadership Team about the educational apps or programs employed in your child’s classroom and school:

  • Request the names of all the ed tech programs used by your children, their teachers, and/or school administrators that can access your child’s personal information. Be sure to request the names of all the programs that DOE has told them to use, as well as the programs that the administrators or teachers have chosen  that collect or process your child’s personal student data.
  • If they seem reluctant, remind them that the state student privacy law, Ed Law 2D, provides parents with the right to see the data collected by outside agencies, companies, organizations or other third parties. Parents cannot do that unless they know the names of these programs or apps.
  • Also, ask for a copy of the privacy and security protections for each of these programs, explaining how the data is secured, minimized and deleted when it is no longer necessary to provide the contracted services.

Some of that information is supposed to be on the DOE website but we have too often found that critical information there is missing or incomplete.   As a result, data breaches are all too common, including of the information of students  who have long graduated.

  • Be sure to ask specifically which of these programs use Artificial Intelligence, and which additional privacy protections are for these programs, if any. Many AI programs are known to mine personal student data to improve their products, which is illegal under Ed Law 2D and/or its regulations.
  • You should also ask how many hours per day or per week your child is spending on computers while in school. Now that there is a school cell phone ban, parents should also be concerned about excessive screen time in schools, which has been shown to be far less effective in terms of  student learning and engagement than classroom debate and discussion, as well as reading, writing and doing math on paper.

Finally, I will be holding a special privacy briefing for parents on Wed. October 22 at 6 PM to go over these and more issues in more depth. 

This  is  the same day as the deadline of October 22 to be able to opt out of the disclosure of personal info of 11th and 12th graders for the purposes of military and/or college recruitment.  You can register for this briefing here.

  • Speaking of college recruitment, if your child is in 11th or 12th grade and has signed up for a College Board account to take the PSAT or SAT, or plans to do so soon, please contact us by emailing info@studentprivacymatters.org ASAP.

We believe that the College Board may still be violating student privacy, despite the consent decree they signed with the Attorney General’s office to cease using student data for marketing and commercial purposes in February 2024.

Blog

Alert: Urge your Senators to eliminate the ban on regulating AI from the budget bill!

Update, July 1, 2025  —  Because of public outrage and the vehement opposition of parents, state and local officials, and advocates alike, the Senate voted 99-1 to eliminate this provision from the bill — so that states will be able to  regulate the use of AI, including in the classroom.  If you wrote a letter or called your Senator, thank you! 

The unregulated use of AI in the classroom is a profound threat to student privacy, as these programs collect and commercialize students’ personal data. It is also a threat to the personal connection, feedback and engagement central to a quality education. AI is one of the few technologies whose inventors have warned that it poses a serious risk to humanity itself, including Nobel Prize winner Geoffrey Hinton, often called the godfather of AI.

In a joint letter, more than 200 state legislators expressed their “strong opposition” to any ban on regulating AI, joining a bipartisan coalition of state attorneys general who expressed similar concerns.

Please write to your U.S. Senators today, to demand that they eliminate any language from the budget bill that would prevent or dissuade states and localities from passing laws on AI to protect the safety, education and the well-being of our children.  And please share this email with others who care.  Thank you!

Blog, press release

Parent leaders, elected officials, advocates & members of Chancellor’s Data Privacy Working Group urge Chancellor Ramos to postpone vote on student privacy regulation and allow parents the right of consent

The letter is embedded below the press release.

For immediate release: May 27, 2025

For more information:

Leonie Haimson, info@studentprivacymatters.org; 917-435-9329
Rosa Diaz, Rdiaz.cec4@gmail.com; 347-885-1687
Shannon Edwards, shannon@aiforfamilies.com; 347-719-2161
Kaye Dyja, kdyja@nyclu.org; 212-203-3532

On Wednesday May 28, 2025, the Panel for Educational Policy is scheduled to vote on the revisions to Chancellor’s regulation A-820, which would significantly weaken student privacy protections.  It would allow the Department of Education to share a wide range of sensitive student data with third parties as long as they believe it would benefit the student or the school system.  Members of the Chancellor’s Data Privacy Working Group, NYC Council Members, and Community Education Council leaders, as well as several advocacy organizations including  the  NY Civil Liberties Union, the Parent Coalition for Student Privacy, Dignity in Schools Coalition, and the Alliance for Quality Education, have signed onto a letter to Chancellor Ramos, urging her to delay this vote because of the risk to student safety and privacy if these regulations are approved.

The data that could be shared by Department of Education officials with any third party they please, as long as they considered it beneficial to the student or the system as a whole, would include a student’s name, email address, home address, phone number, and photo, as well as their parents’ contact information and a wide range of additional personal information.

Because of the concerns expressed by parents and advocates last October, including over 3,000 emails sent to the Chancellor and members of the PEP, the initial vote on these revisions was postponed and a Data Privacy Working Group (DPWG) was appointed by the Chancellor.  While some significant improvements have been made as a result of the Group’s discussions, the proposed regulations remain too risky, allowing the disclosure of highly sensitive student data with only an unreliable parent opt out method to prevent this.

Rosa Diaz, the chair of the Chancellor’s Parent Advisory Council and a member of the DPWG said, “Parents deserve the right to control the dispersal of their children’s sensitive personal information, especially when it’s being transmitted to companies or individuals not performing any services to our schools.  We are especially concerned about how this information might be used to threaten the safety of our most vulnerable immigrant children, at a time when their privacy is being  assaulted and data misused by the Trump administration.”

Nequan McLean, another member of the Chancellor’s DPWG, and President of Community Education Council 16 and the Education Council Consortium said, “If approved, this regulation would open up all sorts of unacceptable harms to public school families, including potentially allowing charter schools to aggressively recruit students directly and cherry picking the most academically successful ones by making their academic honors publicly available.  Already, parents are bombarded with charter school mailings and phone calls, even after they have opted out of such mailings.  This harassment could worsen if the proposed amendment to the Chancellor’s regulation A-820 is adopted.”

Shannon Edwards, founder of AI for Families and a member of both the Chancellor’s DPWG and the NY State Education Data Privacy Committee, pointed out, “Too many children are already preyed upon by social media companies and are vulnerable to deep-fake porn and harassment, undermining their mental health.  Sharing their personal email and photographs without strict controls could merely exacerbate this dangerous trend.  We need far more rigorous oversight and regulation preventing the release of this information, rather than loosening the restrictions, as these revisions to the regulation would allow.”

“Parents may not realize that the DOE is handing over their child’s sensitive information to an unknown number of agencies and private companies. This could include a student’s address, photos, and more; in fact, there are only a few exceptions to what can be shared. We believe that caregivers should have the right to give or withhold consent for their child’s information to be shared. It’s reasonable for schools to have the ability to share some basic information for the purposes of events and communication, but for the DOE as a whole to be able to share almost any information without consent is overreach that disenfranchises students and families. We have seen that our new Chancellor is genuinely responsive to the concerns of families, so we are hopeful that she will consider pausing the vote and revisiting the regulations to allow for more parent agency,” said Kaiser, organizer with the Alliance for Quality Education. 

“Given the excessive number of data breaches, the potential of identity theft, and troubling examples of student data already used for targeted advertising and commercial exploitation, as well as the enhanced risk of deportation for our most vulnerable immigrant students, the DOE’s student privacy regulations need strengthening rather than weakening at this time,” said Leonie Haimson, a member of the DPWG and co-chair of the Parent Coalition for Student Privacy.  “We urge the Chancellor not to push through these regulations without more careful consideration of their potential damage to student safety, and to require parent consent rather than opt out for these disclosures.”

###

letter to Chancellor on privacy regulation 5.27.25

 

 

 

Blog

Background on need to strengthen NYC Chancellor’s regs on student privacy

Please read and sign our letter, already signed by several members of the Chancellor’s Data Privacy Working Group as well as education advocacy organizations and NYC Council Members, in opposition to the weakening of DOE’s student privacy protections in their proposed amendments to Chancellor’s regulation A-820. If you would like to sign on, please fill out this form.

These revisions would allow DOE to disclose a vast array of highly sensitive student data to any individual or business they please, including students’ and parents’ names, email addresses, cell phones, home addresses, photos, and more, as long as they believe it would benefit the DOE or the students involved, with only a highly unreliable parent opt out method to prevent this. The weakening of this regulation is up for a vote at the May 28 Panel for Educational Policy meeting, after the initial vote on this measure was delayed in October because of parent and advocate concerns and over 3,000 emails sent to the Chancellor and PEP members.  More background on this issue is below.