Blog, press release

Parent leaders, elected officials, advocates & members of Chancellor’s Data Privacy Working Group urge Chancellor Ramos to postpone vote on student privacy regulation and allow parents the right of consent

The letter is embedded below the press release.

For immediate release: May 27, 2025

For more information:

Leonie Haimson, info@studentprivacymatters.org; 917-435-9329
Rosa Diaz, Rdiaz.cec4@gmail.com; 347-885-1687
Shannon Edwards, shannon@aiforfamilies.com; 347-719-2161
Kaye Dyja, kdyja@nyclu.org; 212-203-3532

On Wednesday May 28, 2025, the Panel for Educational Policy is scheduled to vote on the revisions to Chancellor’s regulation A-820, which would significantly weaken student privacy protections.  It would allow the Department of Education to share a wide range of sensitive student data with third parties as long as they believe it would benefit the student or the school system.  Members of the Chancellor’s Data Privacy Working Group, NYC Council Members, and Community Education Council leaders, as well as several advocacy organizations including  the  NY Civil Liberties Union, the Parent Coalition for Student Privacy, Dignity in Schools Coalition, and the Alliance for Quality Education, have signed onto a letter to Chancellor Ramos, urging her to delay this vote because of the risk to student safety and privacy if these regulations are approved.

The data that could be shared by Department of Education officials with any third party they please, as long as they considered it beneficial to the student or the system as a whole, would include a student’s name, email address, home address, phone number, and photo, as well as their parents’ contact information and a wide range of additional personal information.

Because of the concerns expressed by parents and advocates last October, including over 3,000 emails sent to the Chancellor and members of the PEP, the initial vote on these revisions was postponed and a Data Privacy Working Group (DPWG) was appointed by the Chancellor.  While some significant improvements have been made as a result of the Group’s discussions, the proposed regulations remain too risky, allowing the disclosure of highly sensitive student data with only an unreliable parent opt out method to prevent this.

Rosa Diaz, the chair of the Chancellor’s Parent Advisory Council and a member of the DPWG said, “Parents deserve the right to control the dispersal of their children’s sensitive personal information, especially when it’s being transmitted to companies or individuals not performing any services to our schools.  We are especially concerned about how this information might be used to threaten the safety of our most vulnerable immigrant children, at a time when their privacy is being  assaulted and data misused by the Trump administration.”

Nequan McLean, another member of the Chancellor’s DPWG, and President of Community Education Council 16 and the Education Council Consortium said, “If approved, this regulation would open up all sorts of unacceptable harms to public school families, including potentially allowing charter schools to aggressively recruit students directly and cherry picking the most academically successful ones by making their academic honors publicly available.  Already, parents are bombarded with charter school mailings and phone calls, even after they have opted out of such mailings.  This harassment could worsen if the proposed amendment to the Chancellor’s regulation A-820 is adopted.”

Shannon Edwards, founder of AI for Families and a member of both the Chancellor’s DPWG and the NY State Education Data Privacy Committee, pointed out, “Too many children are already preyed upon by social media companies and are vulnerable to deep-fake porn and harassment, undermining their mental health.  Sharing their personal email and photographs without strict controls could merely exacerbate this dangerous trend.  We need far more rigorous oversight and regulation preventing the release of this information, rather than loosening the restrictions, as these revisions to the regulation would allow.”

“Parents may not realize that the DOE is handing over their child’s sensitive information to an unknown number of agencies and private companies. This could include a student’s address, photos, and more; in fact, there are only a few exceptions to what can be shared. We believe that caregivers should have the right to give or withhold consent for their child’s information to be shared. It’s reasonable for schools to have the ability to share some basic information for the purposes of events and communication, but for the DOE as a whole to be able to share almost any information without consent is overreach that disenfranchises students and families. We have seen that our new Chancellor is genuinely responsive to the concerns of families, so we are hopeful that she will consider pausing the vote and revisiting the regulations to allow for more parent agency,” said Kaiser, organizer with the Alliance for Quality Education. 

“Given the excessive number of data breaches, the potential of identity theft, and troubling examples of student data already used for targeted advertising and commercial exploitation, as well as the enhanced risk of deportation for our most vulnerable immigrant students, the DOE’s student privacy regulations need strengthening rather than weakening at this time,” said Leonie Haimson, a member of the DPWG and co-chair of the Parent Coalition for Student Privacy.  “We urge the Chancellor not to push through these regulations without more careful consideration of their potential damage to student safety, and to require parent consent rather than opt out for these disclosures.”

###

letter to Chancellor on privacy regulation 5.27.25

 

 

 

Blog

Privacy and other issues with Hazel Health telehealth counseling in Chicago Public Schools

Illinois Families for Public Schools sent a letter to the Chicago Board of Education on May 5, 2025 with a list of concerns about privacy and other issues with a new telehealth program where mental health services are provided by for-profit company Hazel Health. IL-FPS urges the Board to answer the questions posed in the letter and revise the consent forms that parents agree to when they sign their student up for services.

The acute need for additional access to mental health services for the students of Chicago Public Schools should not require the young people receiving those services to waive their rights to privacy, nor have their personal information exploited commercially.

You can read the full letter here. The four primary concerns presented include:

  • Only one of two contracts with Hazel Health are available on the CPS website. The list of data collected that is included in one of the contracts does not appear to be complete; it does not list any medical information or video or audio data as being collected, which does not make sense given the nature of the services provided by Hazel Health. Under the Student Online Personal Protection Act, parents and the public should have access to a list of what information is being shared with a third-party company.
  • Pages on the Hazel Health website that parents are directed to include tracking by Amazon and Alphabet (Google’s parent company). This type of commercial surveillance, especially for a site providing mental health services, is not acceptable.
  • The terms in the consent/authorization form that parents agree to in order to sign students up for services are deeply problematic and conflict with state law and CPS policy. Among other things, parents agree that data shared with Hazel “may not be secure and may be illegally accessed by a third party” and that their child’s information can be used for commercial and research purposes.
  • Online job review sites report that caseloads for Hazel Health therapists may be up to ten clients per day or 35 clients per week. This raises issues about working conditions for clinicians and the impact of that on the students who are receiving services.

The questions for the Board posed in the letter are:

  1. What data elements of students’ covered information are being collected, transmitted and held by Hazel Health and its subcontractors?
  2. What student records and covered information generated in the course of receiving services from Hazel Health are shared back to CPS? Which CPS employees have access to them? Who determines this? How are these student records shared?
  3. How is confidentiality for students aged 12-17 years protected with respect to limitations on parental access?
  4. How many students does one therapist see per day and per week?
  5. How much time do therapists have to prepare for and respond to client sessions?
  6. What, if any, direct, real-time communication takes place between clinicians and school staff?

Illinois Families for Public Schools urges the Board to (i) provide families with answers to all the above questions, (ii) post any and all legal agreements between Hazel Health, United Healthcare (the funder of the current program) and the Chicago Board of Education publicly on the CPS website, (iii) revise and reissue any consent and policy documents that Hazel Health requires families to agree to in order to for children to access services, and, if needed, renegotiate any agreements with Hazel Health to ensure that no student information or records provided to or processed by them will be used for anything other than providing telehealth services.

New York City rolled out a telehealth mental health program last fall that was a contract between Talkspace and the city’s Department of Health that has been widely promoted by the NYC Department of Education for public school students there as well. It has had major privacy issues (see here and here) flagged by the Parent Coalition for Student Privacy and other privacy advocates. Ultimately, the contract between NYC and Talkspace was rewritten, but problems with tracking users on their website have yet to be resolved.

Blog

Background on need to strengthen NYC Chancellor’s regs on student privacy

Please read and sign our letter, already signed by several members of the Chancellor’s Data Privacy Working Group as well as education advocacy organizations and NYC Council Members, in opposition to the weakening of DOE’s student privacy protections in their proposed amendments to Chancellor’s regulation A-820. If you would like to sign on, please fill out this form.

These revisions would allow DOE to disclose a vast array of highly sensitive student data to any individual or business they please, including students’ and parents’ names, email addresses, cell phones, home addresses, photos, and more, as long as they believe it would benefit the DOE or the students involved, with only a highly unreliable parent opt out method to prevent this. The weakening of this regulation is up for a vote at the May 28 Panel for Educational Policy meeting, after the initial vote on this measure was delayed in October because of parent and advocate concerns and over 3,000 emails sent to the Chancellor and PEP members.  More background on this issue is below.

Blog

Risks of using AI in the classroom

April 8, 2025

The annual conference of Network for Public Education, on whose board I sit, was held last weekend in Columbus, Ohio.  It was terrific as usual, with wonderful speeches and incisive and illuminating workshops and panel discussions on how to strengthen our public schools and protect them from the depredations of budget cuts, privatization, and censorship.  We also heard from Gov. Tim Walz, who gave an impassioned speech against Trump’s attempt to dismantle our education system.  More about this here.

We also organized a workshop on the risks of using AI in the classroom, including the risks to student privacy, featuring our co-chair Cassie Creswell and  Peter Greene, education guru and blogger.

Our presentation is here and embedded below.  If your group would like a similar presentation, please email us at info@studentprivacymatters.org

thanks,

Leonie Haimson, co-chair, Parent Coalition for Student Privacy

AI for NPE final
Blog

Presentation to the Data Privacy Working Group on the problems with DOE’s proposed privacy regs as well as their overall privacy policies and practices

March 5, 2025

Today, the DOE Data Privacy Working Group met for the first time, appointed by Chancellor Ramos to strengthen  weaknesses in proposed revisions to Chancellors Regulations A 820 pertaining to student privacy, and the DOE’s overall data privacy policies and practices.

This meeting was very important, considering how over many years, DOE has long treated student personal data in an overly lax fashion, leading to numerous breaches and the sale and commercialization of their information – contrary to the state student privacy law, Ed Law 2D, passed in 2014.

Below is embedded our presentation to the Working Group, also post here in English and in Spanish..  It followed presentations  from Dennis Doyle, DOE’s chief privacy officer, Louise DeCandia, NYSED Chief Privacy Officer, and Naveed Hassan, a parent member of the PEP who is a technology expert.

Much thanks to Maggie Sanchez,  Co-founder of Protect NYC Special Education, for the Spanish translation!