Category Archives: Blog

Blog

How NYC parents can opt out of data sharing and protect their child’s privacy

 Important update:  Our special privacy briefing via Zoom has been rescheduled to Wed. Oct. 22 at 6 PM! 

Oct. 6, 2025

In May 2025, the NYC Department of Education revised Chancellor’s regulations A-820, to authorize DOE and schools to disclose a category of student personal data called Directory Information for the first time within the school  or to non-school vendors, as long as parents were provided with the right to opt out.

Yet the instructions for parents on how to opt out on the DOE website are difficult to access and understand, requiring clicks across many webpages and forms.  In some cases, the webpages omit key details, including which grade levels these disclosures apply to and the deadlines for opting out.  In at least case, the deadline listed is from last year and in the case of disclosures to charter schools requires that you know your child’s OSIS number.

  1. How to opt out of the disclosure of your child’s Directory Information

To simplify the opt out process for parents, the Parent Coalition for Student Privacy has developed a simple one page opt out form that offers all this information in a clear and organized fashion, and can be printed, filled out and handed in at your child’s school.

To be clear, this is an unofficial form that we have created based on the opt out form used by Los Angeles public schools.  Though we repeatedly urged DOE to create a similar form, they have refused to do so.  Still, we recommend you print this form , fill it out and hand it in at your school as soon as possible.

  • In any case, to ensure that the DOE recognizes your intention to opt out, you should also check our instructions on how to opt out of four different directory information disclosures that DOE intends to make: to charter schools, the military and/or colleges for recruitment purposes, as well as the National Student Clearinghouse.
  • Also, here are  instructions on how opt out of the NYC Kids Rise savings program, which DOE and the company have made especially complicated.
  • Your school is also supposed to provide you with a separate opt-out form for whatever disclosures they intend to make to other organizations and/or purposes, as well as specific information about what data will be disclosed in each case if you do not opt out. If you haven’t received that form, ask your principal or Parent Coordinate for it asap.
  • If any of these disclosures are being made to companies or individuals outside of the school community, there must also be a written agreement or contract that protects the confidentiality of your child’s personal data. This is the only significant change that we managed to convince DOE to make to improve their initial proposed regulations.  Ask your principal to provide that written agreement.

Additional questions parents should be asking about their children’s privacy and ed tech at their schools

In any case, it is important to note that  the instructions above only deal with the category of directory information provided to non-school vendors, generally for non-educational purposes.

DOE and individual schools have signed up with more than 500 ed tech companies to provide various types of services and programs, each of which collect and process personal student  data, much of it extremely sensitive.  As a result, NYC students have suffered multiple damaging data breaches over the last few years.

While in most cases, parents cannot opt out of this type of disclosure, they do have the right under NY Ed Law 2D  to be alerted as to which companies have access to their children’s personal info, how it will be protected from breaches and misuse, and how they can check to see if it is accurate and ask for it to be corrected if necessary.  See our Parent Bill of Rights summary here.

So if you are concerned about your child’s privacy, here are some additional questions that you should ask your principal or School Leadership Team about the educational apps or programs employed in your child’s classroom and school:

  • Request the names of all the ed tech programs used by your children, their teachers, and/or school administrators that can access your child’s personal information. Be sure to request the names of all the programs that DOE has told them to use, as well as the programs that the administrators or teachers have chosen  that collect or process your child’s personal student data.
  • If they seem reluctant, remind them that the state student privacy law, Ed Law 2D, provides parents with the right to see the data collected by outside agencies, companies, organizations or other third parties. Parents cannot do that unless they know the names of these programs or apps.
  • Also, ask for a copy of the privacy and security protections for each of these programs, explaining how the data is secured, minimized and deleted when it is no longer necessary to provide the contracted services.

Some of that information is supposed to be on the DOE website but we have too often found that critical information there is missing or incomplete.   As a result, data breaches are all too common, including of the information of students  who have long graduated.

  • Be sure to ask specifically which of these programs use Artificial Intelligence, and which additional privacy protections are for these programs, if any. Many AI programs are known to mine personal student data to improve their products, which is illegal under Ed Law 2D and/or its regulations.
  • You should also ask how many hours per day or per week your child is spending on computers while in school. Now that there is a school cell phone ban, parents should also be concerned about excessive screen time in schools, which has been shown to be far less effective in terms of  student learning and engagement than classroom debate and discussion, as well as reading, writing and doing math on paper.

Finally, I will be holding a special privacy briefing for parents on Wed. October 22 at 6 PM to go over these and more issues in more depth. 

This  is  the same day as the deadline of October 22 to be able to opt out of the disclosure of personal info of 11th and 12th graders for the purposes of military and/or college recruitment.  You can register for this briefing here.

  • Speaking of college recruitment, if your child is in 11th or 12th grade and has signed up for a College Board account to take the PSAT or SAT, or plans to do so soon, please contact us by emailing info@studentprivacymatters.org ASAP.

We believe that the College Board may still be violating student privacy, despite the consent decree they signed with the Attorney General’s office to cease using student data for marketing and commercial purposes in February 2024.

Blog

Alert: Urge your Senators to eliminate the ban on regulating AI from the budget bill!

Update, July 1, 2025  —  Because of public outrage and the vehement opposition of parents, state and local officials, and advocates alike, the Senate voted 99-1 to eliminate this provision from the bill — so that states will be able to  regulate the use of AI, including in the classroom.  If you wrote a letter or called your Senator, thank you! 

The unregulated use of AI in the classroom is a profound threat to student privacy, as these programs collect and commercialize students’ personal data. It is also a threat to the personal connection, feedback and engagement central to a quality education. AI is one of the few technologies whose inventors have warned that it poses a serious risk to humanity itself, including Nobel Prize winner Geoffrey Hinton, often called the godfather of AI.

In a joint letter, more than 200 state legislators expressed their “strong opposition” to any ban on regulating AI, joining a bipartisan coalition of state attorneys general who expressed similar concerns.

Please write to your U.S. Senators today, to demand that they eliminate any language from the budget bill that would prevent or dissuade states and localities from passing laws on AI to protect the safety, education and the well-being of our children.  And please share this email with others who care.  Thank you!

Blog, press release

Parent leaders, elected officials, advocates & members of Chancellor’s Data Privacy Working Group urge Chancellor Ramos to postpone vote on student privacy regulation and allow parents the right of consent

The letter is embedded below the press release.

For immediate release: May 27, 2025

For more information:

Leonie Haimson, info@studentprivacymatters.org; 917-435-9329
Rosa Diaz, Rdiaz.cec4@gmail.com; 347-885-1687
Shannon Edwards, shannon@aiforfamilies.com; 347-719-2161
Kaye Dyja, kdyja@nyclu.org; 212-203-3532

On Wednesday May 28, 2025, the Panel for Educational Policy is scheduled to vote on the revisions to Chancellor’s regulation A-820, which would significantly weaken student privacy protections.  It would allow the Department of Education to share a wide range of sensitive student data with third parties as long as they believe it would benefit the student or the school system.  Members of the Chancellor’s Data Privacy Working Group, NYC Council Members, and Community Education Council leaders, as well as several advocacy organizations including  the  NY Civil Liberties Union, the Parent Coalition for Student Privacy, Dignity in Schools Coalition, and the Alliance for Quality Education, have signed onto a letter to Chancellor Ramos, urging her to delay this vote because of the risk to student safety and privacy if these regulations are approved.

The data that could be shared by Department of Education officials with any third party they please, as long as they considered it beneficial to the student or the system as a whole, would include a student’s name, email address, home address, phone number, and photo, as well as their parents’ contact information and a wide range of additional personal information.

Because of the concerns expressed by parents and advocates last October, including over 3,000 emails sent to the Chancellor and members of the PEP, the initial vote on these revisions was postponed and a Data Privacy Working Group (DPWG) was appointed by the Chancellor.  While some significant improvements have been made as a result of the Group’s discussions, the proposed regulations remain too risky, allowing the disclosure of highly sensitive student data with only an unreliable parent opt out method to prevent this.

Rosa Diaz, the chair of the Chancellor’s Parent Advisory Council and a member of the DPWG said, “Parents deserve the right to control the dispersal of their children’s sensitive personal information, especially when it’s being transmitted to companies or individuals not performing any services to our schools.  We are especially concerned about how this information might be used to threaten the safety of our most vulnerable immigrant children, at a time when their privacy is being  assaulted and data misused by the Trump administration.”

Nequan McLean, another member of the Chancellor’s DPWG, and President of Community Education Council 16 and the Education Council Consortium said, “If approved, this regulation would open up all sorts of unacceptable harms to public school families, including potentially allowing charter schools to aggressively recruit students directly and cherry picking the most academically successful ones by making their academic honors publicly available.  Already, parents are bombarded with charter school mailings and phone calls, even after they have opted out of such mailings.  This harassment could worsen if the proposed amendment to the Chancellor’s regulation A-820 is adopted.”

Shannon Edwards, founder of AI for Families and a member of both the Chancellor’s DPWG and the NY State Education Data Privacy Committee, pointed out, “Too many children are already preyed upon by social media companies and are vulnerable to deep-fake porn and harassment, undermining their mental health.  Sharing their personal email and photographs without strict controls could merely exacerbate this dangerous trend.  We need far more rigorous oversight and regulation preventing the release of this information, rather than loosening the restrictions, as these revisions to the regulation would allow.”

“Parents may not realize that the DOE is handing over their child’s sensitive information to an unknown number of agencies and private companies. This could include a student’s address, photos, and more; in fact, there are only a few exceptions to what can be shared. We believe that caregivers should have the right to give or withhold consent for their child’s information to be shared. It’s reasonable for schools to have the ability to share some basic information for the purposes of events and communication, but for the DOE as a whole to be able to share almost any information without consent is overreach that disenfranchises students and families. We have seen that our new Chancellor is genuinely responsive to the concerns of families, so we are hopeful that she will consider pausing the vote and revisiting the regulations to allow for more parent agency,” said Kaiser, organizer with the Alliance for Quality Education. 

“Given the excessive number of data breaches, the potential of identity theft, and troubling examples of student data already used for targeted advertising and commercial exploitation, as well as the enhanced risk of deportation for our most vulnerable immigrant students, the DOE’s student privacy regulations need strengthening rather than weakening at this time,” said Leonie Haimson, a member of the DPWG and co-chair of the Parent Coalition for Student Privacy.  “We urge the Chancellor not to push through these regulations without more careful consideration of their potential damage to student safety, and to require parent consent rather than opt out for these disclosures.”

###

letter to Chancellor on privacy regulation 5.27.25

 

 

 

Blog

Privacy and other issues with Hazel Health telehealth counseling in Chicago Public Schools

Illinois Families for Public Schools sent a letter to the Chicago Board of Education on May 5, 2025 with a list of concerns about privacy and other issues with a new telehealth program where mental health services are provided by for-profit company Hazel Health. IL-FPS urges the Board to answer the questions posed in the letter and revise the consent forms that parents agree to when they sign their student up for services.

The acute need for additional access to mental health services for the students of Chicago Public Schools should not require the young people receiving those services to waive their rights to privacy, nor have their personal information exploited commercially.

You can read the full letter here. The four primary concerns presented include:

  • Only one of two contracts with Hazel Health are available on the CPS website. The list of data collected that is included in one of the contracts does not appear to be complete; it does not list any medical information or video or audio data as being collected, which does not make sense given the nature of the services provided by Hazel Health. Under the Student Online Personal Protection Act, parents and the public should have access to a list of what information is being shared with a third-party company.
  • Pages on the Hazel Health website that parents are directed to include tracking by Amazon and Alphabet (Google’s parent company). This type of commercial surveillance, especially for a site providing mental health services, is not acceptable.
  • The terms in the consent/authorization form that parents agree to in order to sign students up for services are deeply problematic and conflict with state law and CPS policy. Among other things, parents agree that data shared with Hazel “may not be secure and may be illegally accessed by a third party” and that their child’s information can be used for commercial and research purposes.
  • Online job review sites report that caseloads for Hazel Health therapists may be up to ten clients per day or 35 clients per week. This raises issues about working conditions for clinicians and the impact of that on the students who are receiving services.

The questions for the Board posed in the letter are:

  1. What data elements of students’ covered information are being collected, transmitted and held by Hazel Health and its subcontractors?
  2. What student records and covered information generated in the course of receiving services from Hazel Health are shared back to CPS? Which CPS employees have access to them? Who determines this? How are these student records shared?
  3. How is confidentiality for students aged 12-17 years protected with respect to limitations on parental access?
  4. How many students does one therapist see per day and per week?
  5. How much time do therapists have to prepare for and respond to client sessions?
  6. What, if any, direct, real-time communication takes place between clinicians and school staff?

Illinois Families for Public Schools urges the Board to (i) provide families with answers to all the above questions, (ii) post any and all legal agreements between Hazel Health, United Healthcare (the funder of the current program) and the Chicago Board of Education publicly on the CPS website, (iii) revise and reissue any consent and policy documents that Hazel Health requires families to agree to in order to for children to access services, and, if needed, renegotiate any agreements with Hazel Health to ensure that no student information or records provided to or processed by them will be used for anything other than providing telehealth services.

New York City rolled out a telehealth mental health program last fall that was a contract between Talkspace and the city’s Department of Health that has been widely promoted by the NYC Department of Education for public school students there as well. It has had major privacy issues (see here and here) flagged by the Parent Coalition for Student Privacy and other privacy advocates. Ultimately, the contract between NYC and Talkspace was rewritten, but problems with tracking users on their website have yet to be resolved.

Blog

Background on need to strengthen NYC Chancellor’s regs on student privacy

Please read and sign our letter, already signed by several members of the Chancellor’s Data Privacy Working Group as well as education advocacy organizations and NYC Council Members, in opposition to the weakening of DOE’s student privacy protections in their proposed amendments to Chancellor’s regulation A-820. If you would like to sign on, please fill out this form.

These revisions would allow DOE to disclose a vast array of highly sensitive student data to any individual or business they please, including students’ and parents’ names, email addresses, cell phones, home addresses, photos, and more, as long as they believe it would benefit the DOE or the students involved, with only a highly unreliable parent opt out method to prevent this. The weakening of this regulation is up for a vote at the May 28 Panel for Educational Policy meeting, after the initial vote on this measure was delayed in October because of parent and advocate concerns and over 3,000 emails sent to the Chancellor and PEP members.  More background on this issue is below.