New revelations showing DOE’s continuing lack of concern for the privacy and safety of NYC students - please sign our letter to the Chancellor today!

Update: 7/22/25:  The DOE did not further improve their regulations which will allow schools and DOE central to disclose a large amount of personal student data to third parties without parental consent.  We will work to make as many parents as possible aware in the fall to opt out, and hope for a far more clear and functional opt out process to be provided by DOE.

Also, we recently received more information about the number of students and staff affected by the PowerSchool breach, through a FOIL I submitted.  The info is below.  Meanwhile, parents, teachers and SLTs should try to convince their schools not to use ANY PowerSchool products since they have proven to be unreliable and irresponsible in their privacy and security practices; and urge their schools to require the company to delete the data they have already collected for current and former students as soon as possible. 

 

Data breached by PowerSchool in Dec. 2024; according to DOE FOIL 7.22.25

1.Please read and sign our letter, already signed by several members of the Chancellor’s Data Privacy Working Group as well as several education advocacy organizations and NYC Council Members, in opposition to the weakening of DOE’s student privacy protections in their proposed amendments to Chancellor’s regulation A-820.  If you would like to sign on, please fill out this form.  

These revisions would allow DOE to  disclose a vast array of highly sensitive student data to any individual or business they please, including students’ and parents’  names, email addresses, cell phones, home addresses, photos, and more, as long as they believe it would benefit the DOE or the students involved, with only a highly unreliable parent opt out method to prevent this.  The weakening of this regulation is up for a vote at the May 28 Panel for Educational Policy meeting, after the initial vote on this measure was delayed in October because of parent and advocate concerns and over 3,000 emails sent to the Chancellor and PEP members. 

2. Evidence of the  irresponsible practices of the DOE when it comes to protecting student privacy is further revealed by recent developments in the PowerSchool breach.

According to a May 7 announcement on the PowerSchool website and numerous news accounts, extortionists have now contacted schools and districts affected by the original PowerSchool Student Information System breach that occurred in December,  threatening the further exposure of  student data unless they are paid a ransom.

The original breach exposed the personal information of an estimated 60 million children, parents, and school staff across the US and in Canada, including an indeterminate number of current and former NYC students and teachers at four NYC high schools: Fordham HS for the Arts, Westchester Square Academy, Long Island City High School, and Lower East Side Prep. 

It is unknown at this time whether any of these NYC schools have been directly contacted by the cyber criminals, as has occurred in the case of schools elsewhere, and DOE has still not posted anything about this new threat on its webpage entitled “Data Security Incidents”, where it is supposed to provide this sort of information.

Still to this day,  DOE officials refuse to publicize the names of the four schools that had their student data stolen back in December, or to reveal publicly that former students at these schools likely had their information breached as well.

 The DOE was also months late in informing parents at these schools that their children’s data had been breached, and even now, refuses to provide any guidance to the many NYC schools that they should stop using  the 16 other invasive PowerSchool programs that collect a wide range of personal student and teacher data, even though it’s been shown that the company did not employ even the most basic security measures to prevent hacking. PowerSchool is now being sued by more than 20 different states, districts, and class action lawsuits as a result.   

The DOE’s lackadaisical attitude towards protecting student data is especially relevant right now, as mentioned above, as proposals  to weaken their Chancellor’s regulation, A-820 are on the agenda to be voted on by the PEP at the end of the month.

The only significant concession DOE has made in the latest round of revisions to this regulation is to require a written agreement with the third parties with whom they want to share all this sensitive student data , but as we have seen in the PowerSchool breach, as well as many others, including the Illuminate breach that exposed the data of more than a million NYC current and former students, their written agreements have done little to  stop the illegal disclosures and commercial exploitation of student data because of insufficient oversight and enforcement.

More details on the earlier PowerSchool breach and the recent ransomware attacks are below.

Background

The original hack of the PowerSchool School Information Systems (SIS) began on December 19 and ended on December 28.  On January 6, PowerSchool informed hundreds of districts and schools systems nationwide and in Canada that personal data stored in their student information systems had been accessed; later they admitted that they paid ransom to the criminals in exchange for their promise to destroy the data.

Most districts throughout New York state and elsewhere alerted parents to the threat, in early to mid-January, and shortly thereafter advised them how to sign up for free identity theft insurance and credit monitoring offered by PowerSchool.  It is well known that student data is very valuable for purposes of identity theft, as most children do not already have a credit rating.  

Yet DOE said nothing to parents about this at the four affected schools, and in fact, when reporters asked in January if any NYC schools were affected, DOE told them no.

It was not until February 3 that I learned in an email from the NY State Education Department Chief Privacy Officer Louise de Candia that four NYC schools did indeed have their student data hacked, and she gave me the schools’ names.  I forwarded this information to the Daily News reporter, Cayla Bamberger, who wrote an article about the breach on February 6 (free link here).  I also posted more details about the breach on my blog. 

But amazingly, even then the DOE refused to confirm the names of the affected schools to reporters, or to post their names on their website, even though the State Education Department specifically advised districts to do so, in order to alert former students to the risk to their privacy and safety. They wrote:

Like the Illuminate Education data breach that occurred in late 2021/early 2022, former students may be affected by this breach.  Therefore, we recommend that educational agencies put a notification on their web page to capture as wide an audience as possible. 

Further delay and inadequate notification of affected families and students

Only following the Daily News article did principals send a message to parents at these four schools, saying that they were still looking into whether their children’s data had been breached. 

Not until March 7, more than two months after the initial reports, did DOE apparently confirm internally that NYC students, former students, and staff had their data stolen by hackers, even though back in January there were simple instructions on Reddit, and elsewhere on how schools and districts should check their SIS log files to confirm which students and teachers were affected, and what data had been stolen.  

It was not until three weeks after that, the week of April 1, that the DOE mailed notification letters to affected students and staff, and not until April 3 was the following message posted on the DOE website:

“Approximately 3,437 students and 317 staff were affected by the PowerSchool SIS data security incident. … All students who were affected by this incident had the following information disclosed: name, student ID number, date of birth, grade level, expected graduation year, enrollment information, and home address. Some students also had race/ethnicity, gender, classroom assignment, parent name, parent email, home phone number, emergency contact name and phone, and medical contact information disclosed.  All staff who were affected by this incident had their file number/employee ID disclosed.”  

Still this statement was far from complete, as the DOE continued to refuse to disclose the names of the affected schools on the website, or that former students also had their data breached.  This was confirmed to me by the DOE chief privacy officer Dennis Doyle after I asked him about it.  Though he said he didn’t know how many former students were affected, “it’s possible the impacted data goes as far back as the 2021-22 school year.”  By looking at the demographic snapshot just for Long Island City HS, that means that another 1,321 students who were enrolled that year but have since graduated or dropped out may also have their data hacked.

The NY student privacy law Ed Law 2D regulations require that parents be informed as soon as possible about a breach of personal student data and in no case, more than 60 calendar days after its discovery:

“Educational agencies shall notify affected parents, eligible students, teachers and/or principals in the most expedient way possible and without unreasonable delay, but no more than 60 calendar days after the discovery of a breach.”

Of course, 60 days is too long in any case; State Ed originally proposed 45 days in their regulations, but some districts apparently complained this was too short a time frame. NY state has now amended its general business law to require all businesses to notify  affected individuals of breaches within 30 days, though it’s not clear if schools and district apply.

In any case, given that districts were informed of the PowerSchool breach on January 7, that would make the deadline in state law for notification March 8, 2025 – and yet parents in NYC were not sent letters confirming their kids’ data was breached until three weeks later. 

Unfortunately, the DOE has said nothing publicly about these recent ransomware attacks, though there is an update on their website dated May 8, the day after PowerSchool and numerous media accounts, including NBC news, reported on these new threats to student privacy. Instead, the DOE only informed parents on that date that the deadline to sign up for PowerSchool’s offer of free identity theft insurance had been extended to July 31; and then added “There is no evidence of continued unauthorized access”, even as parents throughout the country were being warned otherwise.

For example, schools in North Carolina received extortion emails on May 7, according to the state Department of Education’s public bulletin, posted the same day, alerting the public that these criminals appeared to have students' and staffers’ names, contact information, birthdays, medical information, parental information, and in some cases even their Social Security numbers. 

The North Carolina State Superintendent produced a sample template that districts were asked to send to parents, warning them not to respond if contacted by these threat actors, and not to open any suspicious links or emails related to this incident, or  engage with anyone claiming to have this data.”

About the more recent ransomware threats, there are three possible scenarios according to this article: that the original hackers did not delete the data back in January as they promised PowerSchool after receiving payment; or they had already sold or released the data to another group before deleting it.  There is a third possibility: that these latest demands are empty threats, but as PowerSchool reported, the samples of personal data sent to schools as warnings in May match the data previously stolen in December.

DOE’s continued lack of oversight, transparency and enforcement when it comes to   student privacy

All this sadly might have been prevented if DOE had taken the necessary precautions.  The privacy addendum that PowerSchool provided to DOE several years ago, and still posted on the DOE website should have provided sufficient warning.  It said that the company will:

 “Review data security and privacy policy and practices to ensure they are in conformance with all applicable federal, state, and local laws & the terms of this DSPP [Data Security Privacy Plan].… In the event Processor’s policy and practices are not in conformance, Processor will implement commercially reasonable efforts to ensure such compliance.”

In other words, PowerSchool proclaimed that they would comply with federal and state privacy laws -- and their own contract with DOE – only if they felt it was “commercially reasonable” and would not unduly affect their bottom line.

I also pointed out that DOE allows schools to use 17 privacy-invasive PowerSchool programs that collect a huge amount of sensitive teacher and student data, and asked for a meeting to discuss the many other ways in which the DOE consistently fails to properly vet their privacy agreements or to follow up with their vendors to ensure they are  adhering to these agreements.  Here is a copy of one of the slides I sent him.

Similar problems with lack of careful vetting and oversight occurred earlier with the Illuminate breach, as I wrote at the time, whose posted privacy addendum hinted that the data was not properly encrypted.  And while the DOE contract with Illuminate said they were entitled to security audits, it is unclear if they ever asked for one.

In any case,  I never got the meeting with Dennis I had requested nor did I receive any response to my warnings about PowerSchool.   

Even earlier, according to a January 2022 expose in The Markup, Naviance was found to have allowed colleges to place ads within its platform, disguised as objective recommendations, including ads that targeted only white students. – a practice that is clearly illegal under NY State law.

In May 2024, a multi-state parent class action lawsuit was filed in California alleging that PowerSchool disclosed personal student data, including highly sensitive health and disciplinary records to its third-party "partners" for commercial purposes,  illegal  in California, New York and many other states.  Among other data points, the lawsuit pointed out that Naviance collects student citizenship status, which is especially sensitive data these days given the threat of immigrant deportation. More about this lawsuit here. Yet this news did not deter Bain Capital from acquiring PowerSchool in October 2024  for $5.6 billion.

Following the December 2024 breach, many states and districts have now sued PowerSchool for failing to implement the most basic security measures to protect against breaches, including multi-factor authentication.  These lawsuits are demanding damages, and the court to require the company to strengthen its overall security systems, undertake a third-party security audit, and appoint an independent party to monitor progress. Some of these lawsuits, including one filed in the Eastern District of New York, have been now consolidated into a single court case in California.  Many parents have joined separate class action lawsuits, organized by private law firms as well. 

Two weeks ago, I wrote Dennis Doyle once again, and asked him the following question:

 “What oversight does DOE maintain to ensure that PowerSchool and vendors in general to hold to the security protections in their contracts, especially given the weak language in its privacy addendum?  This breach revealed that PowerSchool failed to use the most basic security measures, like multi-factor authentication, leading to  least 23 lawsuits, including many states with far less protective privacy laws than NY. Clearly, they did not employ data minimization or deletion, as the law requires, given that the data of former students was breached.”

This was his brief response: “ Our vendors undergo a security review conducted by DIIT and, for those storing data in the cloud, a cloud review conducted by OTI.”

No acknowledgement was made of the obvious fact that these security reviews failed to identify the profound weaknesses in PowerSchool’s cybersecurity practices, or any of the other breaches that showed the lack of required measures to secure student data.

I also asked Dennis if he intends “to ask PowerSchool to revise their privacy addendum to fully comply with Ed Law 2D, and/or to take any other actions to discourage schools to use the other 16 PowerSchool products posted on your website that DOE has made available to schools, many of them with access to extremely sensitive teacher and student data?”

He responded this way: “ As I stated earlier, our data-processing agreement with PowerSchool requires them to fully comply with Ed Law 2-d, notwithstanding any response to the contrary in the supplemental questionnaire.”  Our full exchange is posted here.

This is irresponsible in my view.  DOE should have advised schools following the breach to cease using any of the 17 products supplied to schools by PowerSchool that collect highly sensitive teacher and student data, and should have immediately notified parents at the affected schools of the threat to their family’s privacy, as other districts in the state and nation did.  DOE should also have also posted on their website more information about this breach, including the names of the affected schools and warned former students at these schools that their data may have been accessed as well.

In any case, DOE should do this now, given the renewed ransomware threats, and put out a press release to ensure that all parents, students, and former students at these schools sign up for the identity theft insurance and credit monitoring services offered by PowerSchool, as well as alerting them not to respond to cybercriminals if approached.

Whether the DOE itself could be in legal jeopardy by failing  to inform parents in a timely manner of the breach and waiting months to alert them to the steps they should take to prevent further disclosures, and/or the manner in which they ignored red flags in their PowerSchool privacy agreement, are questions that only an experienced attorney could answer. 

In any case, please read our letter in opposition to the further weakening of the DOE privacy policies, and consider signing it.

Comments on the SHSAT and the Chancellors Privacy regulations

Dec. 13, 2024

On Wednesday, night, the new Public Engagement Committee of the Panel for Education Policy, NYC’s school board, met to hear from the public on two controversial issues, a contract for Pearson to produce a new computerized version of the SHSAT, the entrance exam for the Specialized high schools, and also  DOE’s  proposed revisions to the Chancellors regulations A- 820, that govern student privacy.

The proposed Pearson five year contract for the SHSAT at cost of $17 million took up most of the time, with many parents concerned that any further delay in a vote to approve the contract that had already been postponed twice would threaten the ability of their children to attend one of the eight elite schools that decide admissions solely by means of that one exam.  

My comments follow, suggesting that the PEP only renew the contract for one year, and base any further renewal on specific conditions.  I also include my comments on the Chancellors regulations.  Shannon Edwards of AI for Families also offered excellent comments on this critical issue; you can read them here.

A video of the proceedings is here. Whatever happens, it’s real progress that the Panel for Education Policy seems interested in hearing from the public on these critical issues, rather than merely rubberstamping whatever the Mayor wants them to do.

 Statements on SHSAT

Thank you for holding this public session this evening.  As the American Psychological Society, the American Education Research Association, the National Academy of Sciences, and the testing companies themselves proclaim, no high stakes decision such as admissions to any school should be based upon test scores alone.

In fact, NYC is the only district in the nation that uses this unacceptable method for admissions to any single school, and yet we do it for eight schools, with a test that is non-transparent, scored in a highly unusual way, and is designed by Pearson, a company that has been shown repeatedly over more than a decade to engage in improper behavior and to  administer faulty tests and score them erroneously, year after year, starting with the infamous Pineapple questions on the 2012 state exam that not only  made news nationwide but  became a symbol of everything wrong about standardized testing.

 We have offered a timeline of these issues on our NYC Parent blog – none of which, by the way, did DOE report on in their Request for Authorization, as they should have been. .

We understand that the state requires a standardized exam, but we urge you to amend the terms of the contract so that it is renewed for only for one year, and condition any further renewals in the years to come on the following  three demands:

• DOE should use this test for admissions only for the three schools that are required to use a standardized exam by state law. 

• Consider whether another standardized test could be used instead for these three schools at lower cost or even for free, such as the state exam, as the law only says that a standardized exam should be used, and doesn’t specify which one, and also given how Pearson has a long history of errors and misdeeds;

• Finally, require full test transparency, including an independent analysis of the SHSAT for racial and gender bias, a formal validity study that shows whether the scores predict HS performance, and an analysis of how the results of the new computer-based adaptive exam compared to the earlier paper-based, non-adaptive exams.  

This sort of transparency has been requested for at least 16 years by researchers, but has not been provided.

 The importance of independently analyzing the exam for gender bias is paramount, as girls are accepted to the specialized HS at far lower rates than boys, and there is peer-reviewed, published research showing that those who are accepted do far better than boys who received the same scores.

 On the Chancellors A-829 proposed privacy regulations

Hi again, my name is Leonie Haimson and I am the co-chair of the Parent Coalition for Student Privacy.   We helped get a new  state student privacy law passed in 2014, Ed Law 2D, when we realized how ineffective the federal privacy protections for student data were in an era of ed tech expansion. 

I was appointed to serve on the state education department Data Advisory Committee, and  have  been advocating for years for the DOE to update their  Chancellors regulations A820, but was horrified to see that when this was finally done, they weakened rather than strengthened the existing privacy regulations, despite  widespread breaches and misuse of data that has occurred over the last few years. This includes the Illuminate breach that exposed the personal data of over one million current and former NYC students.

According to these regs, DOE and individual schools could disclose a huge range of student and parent info with anyone they please, and without any enforceable privacy or security protections, including but not limited to: their names; addresses; telephone numbers; e-mails; photographs; dates of birth; grade levels; enrollment status; dates of enrollment; participation in officially recognized activities and sports; weight and height and more.

They propose doing this by designating this info as “Directory Information”  -- an outmoded provision of FERPA from the 1970’s that allowed the disclosure of any information that would not be considered too risky  to divulge.

Yet this ignores the fact that there is NO mention in Ed Law 2D of Directory Information nor any language that would exempt any personally identifiable info from its mandated privacy protections.

Moreover, in this day and age, a child’s name, birth date and home address is sufficient for identity theft, as the NY Dept of State warns, which is especially valuable to fraudsters given that minors do not already have credit ratings.

Personal student data can also be used for predatory marketing by ad tech and social media companies, bombarding them with ads, and undermining their mental health, as noted in recent lawsuits launched vs Facebook, Instagram & TikTok by New York City and the State Attorney General

This data including photos could  also be used to threaten student safety, leading to sexual harassment, Deepfake porn or even abduction.

Providing student names, photos & addresses could also aid in the Trump administration’s efforts to deport migrant students, based on their residence in hotels or shelters.

As a result of over 3,000 emails sent by parents and teachers to DOE and  Panel members, as well as letters from several elected officials and UFT President Michael Mulgrew, the vote on the regs was repeatedly delayed, and on Nov. 19, the Chancellor held a meeting during which she promised to form a Working group that would collaborate on the regs. Yet we have not heard back from the DOE about this Working Group, [Note: The next day, on Thursday at a CPAC meeting, the Chancellor and her team confirmed that a Data Privacy Working Group would begin meeting next month to strengthen these regulations].

We hope that in the meantime, the PEP will refuse to approve any regulations such as these which so seriously threatens the health, safety, and privacy of NYC students.  Thank you for your time.

Backsliding in terms of transparency: DOE fails to post list of contracts 30 days in advance of vote & refuses to allow PEP members to see them

December 1, 2024

Under every NYC Mayor, highly problematic and even corrupt DOE contracts have been awarded since mayoral control was instituted in 2002.  Just a few of the most egregious examples:

• During the Bloomberg years, a consultant named Ross Lanham stole more than $3 million from DOE in 2002 to 2008, and allowed Verizon and IBM to overcharge for school internet wiring as well. The FCC excluded the DOE from more than $100 million of federal E-rate reimbursement funds for many years as a result.
• Also under  Bloomberg, between 2007 and 2011, Judith Hederman, a high level DOE official, fixed contracts with a firm called Future Technology Associates,  colluding in a successful plot to steal $6.5 million dollars.
  
•  Under Mayor De Blasio in 2015, DOE proposed a $1.1 billion contract for a firm called Custom Computer Specialists, again for internet wiring, renewable to $2 billion over nine years, despite the firm's involvement in the Lanham scandal just a few years before. After the news broke, the contract was hurriedly renegotiated overnight, with the cost cut in half to $627 million, with no other change in terms, suggesting how inflated it was in the first place. The Panel for Educational Policy rubber stamped the contract anyway, 10-1. But because investigative reporter Juan Gonzalez continued to write about it, City Hall eventually cancelled the contract and forced DOE to rebid it, at a savings of between $163 and $727 million. 
  
•  In 2021, Eric Goldstein, head of DOE School Support Services, renewed a million dollar contract for chicken nuggets in return for a bribe, even though the product had been found to contain bone and metal fragments and posed a serious choking hazard to students. 
• In 2023,  Chancellor Banks agreed to a contract with a company called 21stCentEd after it had hired his brother as a lobbyist, triggering payments of more than $1.4 million.

Clearly, the process needs far more transparency and oversight by the Panel for Educational Policy which has the responsibility to approve contracts. And yet this administration has slid backwards in terms of transparency.  

 

As a result of the scandal generated by the inflated Custom Computer Specialists contract, which was posted only a few days before the PEP vote, the DOE agreed from then on to post all proposed contracts at least 30 days prior to allow for more public scrutiny.  See the articles about this promise in the Daily News and Gotham Gazette at the time.  However, this administration does not adhere to this promise.  For example, the list of contracts to be voted on during the December 18, 2024 PEP meeting is still not posted-- only 17 days away.

 

The ability of PEP to perform oversight has also been severely hampered by the fact that its members are denied the right to see the actual contracts before their vote. The excuse given by DOE to members is that the actual contracts are not written until after they are approved --a highly problematic way to do business.  And yet it has not always been done this way..

During the Bloomberg years, Patrick Sullivan, the Manhattan Borough Appointee to the PEP was allowed to examine proposed contracts before the Panel vote,  as he recounts in a recent memo to PEP Chair Greg Faulkner and other current PEP members.  Patrick was granted this  opportunity after then-chair of the Assembly Education Committee Cathy Nolan and Assemblymember Daniel O'Donnell wrote a letter to Chancellor Klein, stating, "We are concerned that providing only a summary of contract materials to the PEP does not allow the body to fulfill its responsibility and urge you to reexamine this policy."  Patrick's memo to the PEP is below.

Oct. 31, 2024

To: Chair Faulkner and members of the Panel for Educational Policy 

From: Patrick Sullivan, Manhattan BP Appointee, 2006-2013

Subject: Review of actual contracts by Members of the Panel for Educational Policy

As the New York state law defining mayoral control was approaching sunset in 2009, I joined advocates to ask the legislature to strengthen oversight provisions. I testified before Assembly and Senate panels asking for the PEP to have a greater role in approving contracts and changes in school utilization. I joined the president of CEC1 and advocates to make this case directly to then Assembly Sheldon Silver.

As a result of these efforts, contract approval by the PEP was greatly expanded in the 2009 law. The requirement that any contract greater than a million dollars be approved put most material contracts under our purview.

The DOE resisted complying with the law. They refused access to the contracts we were to approve and directed us to summaries they prepared. I asked Assembly member Danny O’Donnell to intervene. He was the only Manhattan member on the Assembly Education Committee and my contact for legislative matters for the public schools. 

The next day, he and Assembly Education Chair Cathy Nolan sent a letter to Chancellor Klein
him of the DOE’s obligations under the law, urging him to allow PEP members to be able to read
the actual contracts before the vote.

After that full copies of contracts were made available for my review in person at Tweed. I customarily reviewed those of interest the day before the Contracts Committee met. I also requested and received RFPs (requests for proposals) where I found areas of concern in contracts.

This review was invaluable to my oversight role. In one case, for example, my inquiries based on
my review triggered communications between fraudulent actors within DOE and a large vendor. This inquiry and the subsequent communications were cited in the SCI investigation in support
of their findings of fraud. In another case, a contract was rescinded by full vote of the PEP at my
request.

I strongly believe that only with the opportunity to access to the actual contracts, can PEP members responsibly fulfill their oversight responsibilities.  Feel free to contact me if you have any questions.

Patrick Sullivan

How DOE & FACE screwed up the elections for new PEP members

An article about DOE's terrible administration of these elections is here.

 

Dec. 22, 2022

Ms. Kenita D. Lloyd

Deputy Chancellor for Family and Community Engagement and External Affairs 

Dear Deputy Chancellor Lloyd,

The Education Council Consortium (ECC) denounces the New York City Department of Education’s (DOE) 2022 Panel for Educational Policy (PEP) member election and calls for the reopening of voting. 

In June of 2022, the New York State Legislature amended the constitution of the PEP by adding 5 new members, to be elected by Presidents of Community Education Councils.  Despite the statutory timeline, DOE continuously delayed the process, resulting in confusion and chaos, ultimately leading to the disenfranchisement of eligible voters.  The DOE failed to provide sufficient notice of the election, providing less than 72 hours notice of the date of the election, and only sending notice via email.  The DOE held an unreasonably short voting period of less than 24-hours and did not provide an alternative method of voting for voters without access or needing digital accommodations.  These circumstances and more, served to disenfranchise CEC Presidents who were eligible and entitled to vote in the election of the borough PEP members.

The DOE did not provide sufficient notice of the election.  CEC Presidents were given less than 72-hours notice of the date of the election, and were only notified of the election via email.  As a result, eligible voters that didn’t check their email during that 72-hour period were not notified of the date of the election, and thus were not able to vote.  Additionally, the DOE’s decision to hold an election without providing at least one week’s advanced notice is a deviation from past practice.  For example, for the DOE’s bi-annual CEC member elections, notice is provided months in advance, and using multiple mediums (paid media advertisements, mail, social media, email, phone calls, text messages, etc.).  Even parent-run elections, like PTA board and Title 1 representative elections require at least 10 days of advanced notice.  In addition to the lack of timely notice, DOE should have supplemented the notification email with one other form of notice (e.g. call or mailing).  Voters should have had at least a 10-day notice period, similar to other parent elections, so that voters could schedule properly.

The DOE held an unreasonably short voting window considering the nature of the election.  The DOE provided voters with a less than 24-hour window to vote.  The notice regarding how to vote and the link for the ballot was sent to voters the night before the voting window began, and there were technical glitches in the system that had not been resolved at the time of the notice.  Again, requiring everyone to vote electronically without providing a reasonable period of time for voting is unacceptable.  The candidate forum, where candidates presented their campaign platforms, was held the night before the 24-hour voting window, and the DOE had not even made the recordings available for viewing.  Expecting voting to occur before DOE was even able to make all of the voting information available demonstrates the unreasonably short notice and voting window.

Similarly, new and arbitrary rules restricting voters’ ability to have a voting proxy disenfranchised voters who were unable to cast their ballot.  For example, a CEC 1’s President whose brother had recently passed away had appointed her Vice President to serve as her proxy, per the CEC’s bylaws.  The night before the voting window began, an arbitrary rule preventing proxy voting was issued via email.  CEC 1’s President did not receive the notice until after the election, and the CEC 1 Vice President was not allowed to vote.  The creation of new and arbitrary policies in the ninth hour had the effect of disenfranchising voters.

December is one of the busiest times of the year for many.  CEC Presidents juggle job responsibilities, and family and personal obligations, on top of their role as CEC Presidents.  Adequate notice for meetings and reasonable time windows for voting are required.  The DOE’s PEP member election should be held to the same requirements as those set for PTA, CPAC, and CEC elections.

 

In Partnership,

NeQuan C. McLean

President

How another sketchy contract to be voted on tomorrow by the Panel for Educational Policy highlights the need for more financial accountability in the current system

Update Wed. night; at 8:30 PM. Amazingly the PEP voted down this Contract, only the 2nd time in its history.  "The vote was 6 yes, 5 no votes & 3 three abstentions the resolution does not pass." Tom Allon, mayoral appointee voted no, as did the new Manhattan appointee Kaliris Salas Ramirez, the new Brooklyn appointee Tazin Azad, and the  Bronx appointee Geneal Chacon, and Tom Shepherd, the CEC appointee. Mayoral appointee Alan Ong abstained, as did the Queens appointee Deb Dillingham and Staten Island appointee. Jaclyn Tacoronte. More on this here.. 

Update later in the afternoon on March 22: since I posted this a few minutes ago, the Mayor's office announced his nine appointments.  Newly announced member (presumably to replace Joe Belluck) is Dr. Vasthi Acosta, the executive director of Amber Charter Schools. There are several reps connected with charter schools, and I am quoted in the NY Post about why this is problematic.

Tomorrow, Wed. March 23 will be the second meeting of the NYC school board under our new mayor, Mayor Eric Adams. Since Mayoral control was instituted in 2002, the board has been composed of a super-majority of Mayoral appointees. 

At that time, it was renamed the Panel for Educational Policy (PEP) by then-Mayor Bloomberg, though according to state law it is still officially called the NYC Board of Education. Among the Panel’s duties is to approve Department of Education contracts, with many inflated and wasteful contracts rubber-stamped over the last twenty years. Only once in its history has it voted down a contract: last year, when a majority of members voted in the midst of the pandemic not to approve a contract to Pearson for the test given to four-year-old students to be admitted into NYC’s controversial gifted program. 

Even though the law requires monthly meetings of the PEP, the Chancellor cancelled the January meeting.  Eight new members appointed by the Mayor participated at the February meeting, though their names and contact information are still not posted on the relevant PEP page . Instead, the names that are listed still include the eight members appointed by de Blasio, who vacated their posts at the end of December. The identities of the new appointees can be found in the minutes of the February meeting, though no contact information or biographies. 

The ninth member who was slated to be appointed by the Mayor in February was Joe Belluck, an attorney who is also the chair of the SUNY committee that authorizes charter schools. Belluck withdrew his name right before the meeting. This was presumably due to conflict-of-interest issues, given that charter schools take away valuable public school space through co-locations approved by the Panel, and now cost the DOE budget more than $2.6 billion dollars annually. (Full disclosure: my organization, Class Size Matters, put out a press release against Belluck’s appointment the day before he withdrew.) 

The new schools Chancellor David Banks, also appointed by the Mayor, has repeatedly said he wants to save money by cutting waste and the bureaucracy. At tomorrow’s meeting, among the many contracts they will be voting upon tomorrow is one for a company called 22nd Century Technologies, at $16.5 million per year, renewable for five years at a total of $82.5 million. The contract is listed as “Recruiting and Staffing Services for Temporary Professionals.” This company, the contract proposal says, will be paid to hire “consultants in a wide range of disciplines across DOE schools, central offices, and/or NYCDOE Borough/Citywide offices” and will be “responsible for identifying, processing upon selection, and managing the consultants it recruits and those referred by the DOE.” The company will charge “markup fees of 17.35% and 22.50% for DOE-referred and vendor-recruited consultants, respectively.” 

There is little detail about what these consultants will actually be doing, except for that they will be “used in a wide variety of areas including special education, curriculum design and development, all of which are needed to ensure the successful execution of several temporary DOE projects or needs. “ The mention of curriculum design may relate to the Mosaic curriculum, which initially being developed by “a team of administrators and teachers … during their off hours”, according to the Daily News, but whose roll-out has been delayed. Of the $16.5 million being paid to this company, the document says nearly half will go to “supporting work that is legally mandated specialized expertise” and “supporting stimulus projects” – which I assume means federal stimulus funds, without identifying what this expertise or these projects involve. 

The reason for hiring consultants, the document claims, is that “because consultants are better suited to complete short-term tasks for schools and/or offices, instead of using full-time DOE employees.” Even if the use of consultants is advisable in this case, there is no reason why the DOE should not hire consultants directly, but instead must pay another company to hire and manage them, with a markup of 22.50% and/or 17.35%, the latter if DOE officials recruit these consultants themselves. In any case, we can expect that the mayoral appointees will rubber-stamp this contract as they have in the past, with few if any questions asked, and no discussion of larger issues. 

The DOE has lost millions in fraudulent contracts since Mayoral control was instituted in 2002. Just some of them are recounted in my City Council testimony from 2011. What this testimony doesn’t include is what happened four years later. In 2015, along with then-Public Advocate Tish James and CM Danny Dromm, we blew the whistle on a proposed $1.1 billion five year contract, renewable at $2 billion, that was supposed to be awarded Custom Computer Specialists, a computer wiring company that had been involved in a kickback scheme just a few years before. The PEP approved this contract anyway, with a vote of 10-1, but as a result of the ensuing scandal, City Hall kicked it back, and the contract was rebid and awarded to several different companies at a far reduced price of $472 million, with savings to the city of between $163 million and $627 million. 

Another result of the CCS scandal was that DOE promised from then on to publicly to post all prospective contract requests for authorization at least 30 days in advance, to allow for more scrutiny by Panel members as well as to allow for improved independent oversight. As Juan Gonzalez wrote about this result in the Daily News: “Tweed will even post information on all bids on its website 30 days before the scheduled vote by the panel, and has committed to do the same with other contracts.” Yet the DOE stopped doing this in April 2020 – nearly two years ago. 

According to a New York state education law passed in 2005, all school board members must receive at least six hours of training in financial oversight, accountability, and fiduciary responsibilities. There is an exception in the law for NYC, but only if as the chancellor annually certifies to the commissioner in writing that the training they provide “meets or exceeds the requirements of this section.” Yet PEP members have told me privately and been quoted in the media to say that they have received only minimal training in financial oversight – and much less than the six hours that the law requires. 

 I recently filed a Freedom of Information request to the State Education Department for a copy of the annual certification from the NYC Chancellor, attesting that the training provided PEP members was compliant with the law, for the years 2019, 2020 and 2021. I received a response from NYSED that they had received no such certification. 

This is one of the reasons in my recent testimony before the State Legislature on Mayoral control, I strongly recommended that the governance law in NYC be amended to require that the City Comptroller’s office take over this important responsibility. The DOE has gotten in trouble before when hiring companies to manage consultants – in the case of the Ross Lanham scandal, in which Custom Computer Specialists was also involved and millions were fraudulently charged to DOE for a different computer wiring scheme, as detailed in a report from the office of Special Investigator and in the indictment by then- US Attorney Preet Bharara. This scandal apart from the money stolen cost NYC more than $100 million in federal E-rate funds. 

This may not happen in this case. But if the Chancellor is concerned about cutting down on waste and bureaucracy, this is a strange way to go about doing it.