Sign up for Chalkbeat New York’s free daily newsletter to keep up with NYC’s public schools.
New York City’s school board is delaying a vote on a controversial proposal regulating how the Education Department collects, stores, and shares private student data, including names, emails, phone numbers, home addresses, and birth dates.
For weeks, parents and advocates have expressed concerns over whether proposed revisions to a 15-year-old Education Department policy would adequately safeguard student data. Some worried the revised policy could weaken protections for students, in some cases allowing the Education Department to share student data with outside parties without parental consent.
The United Federation of Teachers echoed parent concerns over the proposed revisions in a letter sent earlier this month to the Education Department, according to a copy obtained by Chalkbeat.
Fears about student data privacy have increased in the weeks since President-elect Donald Trump won his reelection bid. During his campaign, Trump repeatedly vowed to enact aggressive mass deportations, a promise that is already spreading worry in New York City, which is home to thousands of asylum-seeking and other migrant students.
In light of Trump’s rhetoric, some parents, advocates, and city officials want to see even stronger protections for student data, ensuring information like a student’s home address won’t aid federal agents in identifying undocumented students.
The revised regulations were initially slated for an October vote by the city’s Panel for Educational Policy, or PEP, which votes on major policy proposals and contracts. It was moved to the panel’s Wednesday meeting, then pushed back again at least until December, PEP Chair Gregory Faulkner said last week.
With more time before the vote, Faulkner said the PEP plans to hold a town hall during the first week of December to solicit public feedback on the regulations. (The date has not yet been set.) It’s one of two controversial proposals that will be discussed during the town hall, with families also asked to weigh in on a proposed nearly $17 million contract for the Specialized High School Admissions Test.
Education Department spokesperson Chyann Tull said moving the vote would allow for further community engagement.
“The proposed revisions to the regulation make necessary updates to conform with state and federal law, and bring the regulation up to date with current policies and practices related to safeguarding student information, which go beyond legal requirements,” she said in a statement. “We listen and are responsive to the voices of our families and communities, and we have revised the regulation twice in response to public comment.”
But critics of the revisions argue that the proposed regulations aren’t fully aligned with state law, which they say outlines more overt protections and oversight when it comes to how outside parties use student data collected by education agencies.
Members of the public can view the proposed revisions online, and share feedback to PEP by email or phone or by attending a meeting, city officials said.
Advocates argue opt out measures are insufficient
The proposed regulations update 2009 privacy protections and include details on parental and students’ rights when it comes to education records, the responsibilities of school officials handling those records, procedures that must be followed after data breaches, and more.
Advocates have expressed concerns over a stipulation through which student data can become classified as “directory information,” allowing the Education Department to release it to third-party vendors without parental consent.
Under the proposed regulation, schools would be required to give families at least a 30-day notice before such data is cleared for release, during which families could choose to opt out, according to city documents. Those notices would be required to include both the types of student data that would become directory information, as well as the parties to whom that data would be released. The notices must also be “written and distributed in a manner reasonably likely to be seen” by families.
But once classified as directory information, that data could be shared with the designated parties without parental consent.
Leonie Haimson, executive director of the advocacy group Class Size Matters and co-chair of the Parent Coalition for Student Privacy, took issue with the broad array of student data that could be classified as directory information under the proposed regulations. She added that opt-out measures are insufficient to protect student privacy.
“We know that parent opt out is inadequate, as many parents will never see these notifications,” she said in an email. “Identity theft of minors can occur with only names and birth dates, and these crimes can go undetected for years, seriously damaging their future prospects.”
For many, concerns about student data being shared center on how outside parties might use the information — and whether the proposed regulations sufficiently guard against potential redisclosure or abuse of student data. Hearing that feedback motivated Faulkner to seek out more public input on the regulations, he said.
“It leaves our hands at some point, and that’s where there have been complaints,” he said of student data. “For me, I want to see that that directory information is really protected.”
Naveed Hasan, a Manhattan parent and PEP member, is awaiting input from the public before he decides on the proposed revisions. He’s concerned about how vendors might be using student data, particularly when much of the Education Department’s tech infrastructure is outsourced to other companies.
“My position has always been that none of our students’ private data should ever be on a non-DOE operated network under any circumstance,” he said.
Education Department officials said that students’ personally identifiable information cannot be used for commercial or marketing purposes and that vendors can only access, use, or share private data as necessary for the services they are contracted to provide.
Student privacy concerns heightened by second Trump term
Haimson has voiced a litany of other concerns about the privacy regulations, including that the language could exempt some student health records from the protections of state law, as well as the possible implications of the revisions for migrant students once Trump assumes office.
“Disclosing a child’s personal data, including their photos, could also further encourage predatory marketing, sexual harassment, deepfake porn or abduction, and help the Trump administration deport migrant students based on their addresses,” Haimson said.
Faulkner said he’s asked the city for more information about what the Trump administration’s focus on mass deportations could mean for the city’s students, particularly as it relates to student data privacy.
“Are we making this easy? Are there protections in place?” he said. “Some of the kids, if their addresses become easily accessible, all you need to know is where the shelters are. Would that target our kids who are undocumented?”
Beyond the issue of data privacy, Hasan said he hopes to see the city more firmly commit to protecting undocumented students from the Trump administration.
“We want the city to not cooperate if and when they approach them, no matter what,” he said. “We need to set up safeguards for our students and our families that are enrolled in schools — that have a federal right to be in those schools, no matter what their documentation status is — even if they’re approached by a hostile federal administration.”
Jessamyn Lee, a Brooklyn parent and member of the PEP, is hopeful that public pressure will push the Education Department to further strengthen protections for student data.
“These regulations only come up like once a decade,” she said. “So if we don’t get it right now, the students who are currently in our schools are just going to be screwed.”
Julian Shen-Berro is a reporter covering New York City. Contact him at jshen-berro@chalkbeat.org.
