How to Respond When a Parent Asks "Is My Child's Data Safe?"

May 25 / Tiffany Stryck and Haley Boone

In March 2024, Los Angeles Unified School District launched "Ed," an AI chatbot rolled out to 540,000 students with considerable fanfare. By June, the company that built it had collapsed, most of its staff had been furloughed, and a whistleblower had raised serious concerns with district investigators that the platform had mishandled student personal information.1 The district shut the chatbot down. Parents were left without clear answers about what had happened to their children's data.

The LAUSD situation was unusually dramatic, but the underlying dynamic is not. AI tools are being deployed in schools faster than families can be informed, and at some point a parent at your school will ask directly: is my child's data safe? The districts that have a real answer to that question, not a reassurance but an answer, are in a fundamentally different position than the ones that cannot say what tools are in use, what those tools do with student data, or what protections are in place. Here is how to build that answer before you are asked.

Have the Information Before the Conversation Happens

A parent data question is not the same as a parent complaint. It is a reasonable inquiry from someone who trusts your institution with their child. The worst response is a defensive one. The second worst is an uninformed one: "Our tools are secure" without being able to say what tools, what data, or what secure means in practice.

Before you are in that conversation, your team needs answers to five specific questions. What AI tools are currently in use with students, by name? For each, is there a signed Data Processing Agreement in place? Does any tool use student inputs to train or improve its underlying model? What student data does each tool collect, and how long is it retained? And if a vendor experienced a data breach or business failure tomorrow, would the district know what data was at risk?

The Future of Privacy Forum's guidance on vetting AI tools in schools identifies the model training question as the one most likely to be missing from district records.2 Many DPAs and tool approvals predate the introduction of AI features. If you cannot answer the model training question for the tools currently in your building, that gap is worth closing before it becomes the context for a parent conversation.

Be Honest About What "Safe" Does and Does Not Mean

Transparency requirements for AI and student data now appear in more than 10 states' guidance documents, according to the Student Privacy Compass analysis of state AI policies, with guidance calling for school administrators to communicate openly with parents and students about how AI tools at school collect and use their children's data.3

That transparency obligation runs in both directions. You should communicate what protections are in place. You should also communicate what is genuinely uncertain. No system is breach-proof. Vendor relationships carry inherent risk. "Your child's data is completely safe" is not a claim any district can make with full confidence, as LAUSD's experience demonstrated. What you can say is what you have done to reduce risk, what agreements govern how student data is handled, and what would happen if something went wrong.

Parents who receive honest, specific answers to these questions tend to respond differently than those who receive reassurances that turn out to be hollow. The former builds trust. The latter erodes it when something goes wrong, which in a large enough fleet of tools, eventually it will.

What Every Parent Response Should Include

A useful response to a parent data question covers four things specifically. First, the names of the tools their child interacts with and what each one generally does. Second, the legal framework governing student data: FERPA, COPPA (including the January 2025 amendments requiring separate consent for third-party data sharing), and any relevant state law.Third, the specific protection in place for the tools mentioned, including whether signed vendor agreements exist and whether any tool uses student data for model training. Fourth, a clear point of contact for follow-up questions.

What the response should not include is jargon without explanation, false certainty, or deflection to technical complexity. A parent asking this question deserves to understand it. If the explanation requires fifteen minutes to unpack, that is a signal the district's communication infrastructure around AI has not kept pace with its deployment.

When the Conversation Requires More Than a Response

Most parent data questions are good-faith inquiries from families trying to understand a new and confusing environment. They can be handled by a prepared principal, curriculum director, or communications lead.

A different category of conversation requires more: a parent who has discovered that a specific tool their child uses was not vetted, or that a vendor agreement does not cover how data was actually used, or that a tool the district deployed has experienced a data incident of any kind. In those situations, the stakes are different, and the response needs to involve legal review, clear documentation, and proactive family notification rather than reactive defense.

The districts that come out of those situations well are the ones that had done the homework before: they knew what data was in the system, they had the vendor agreements in order, and they could tell families specifically what had and had not been compromised. That preparation does not prevent every bad outcome. It does determine whether the district's response to a hard question is reassuring or alarming.

[1] https://www.edsurge.com/news/2024-07-15-an-education-chatbot-company-collapsed-where-did-the-student-data-go

7140 Heritage Village Plaza, 
Gainesville, Virginia 20155 USA
Copyright © 2026