Millions of students are receiving legal notices regarding a $17.25 million settlement involving Naviance, a college readiness platform used in high schools. The lawsuit alleges the software tracked confidential student activity without consent. This case points to gaps in how school districts monitor their digital tools.
What Happened
In late April 2026, high school students began receiving court-authorized emails about a class-action settlement. The lawsuit alleged that PowerSchool, the owner of Naviance, integrated third-party analytics software to track student communications and activity.
The settlement covers anyone in the United States who logged into Naviance between August 18, 2021, and January 23, 2026. Eligible families can file a claim for a pro-rated cash payment. PowerSchool denies any wrongdoing and settled to avoid the costs of ongoing litigation.
This privacy lawsuit is separate from PowerSchool's December 2024 data breach, which exposed records for roughly 62 million students. That breach compromised Social Security numbers, disability accommodations, and individualized education programs (IEPs). These incidents have caused increased scrutiny from parents regarding the use of data-heavy educational technology.
The Bigger Picture
Classrooms rely on digital ecosystems, and districts often shift data management to third-party vendors. Under the Family Educational Rights and Privacy Act (FERPA), outsourcing a service does not outsource responsibility. District leaders remain legally accountable for the disclosure of education records.
School board procurement is often treated as a procedural formality. Technology renewals are driven by contract timelines rather than privacy reviews. This creates an oversight gap where vendor relationships continue with little public scrutiny.
This lack of oversight is riskier as schools adopt platforms that integrate artificial intelligence for college planning and recommendation writing. As we previously reported, updated 2026 privacy rules require strict boundaries on how AI tools process student information. If a vendor uses student writing samples or personal data to train their AI models, that data may become part of the system’s permanent knowledge base.
To prevent unauthorized disclosures, districts must ensure vendors sign a formal Data Processing Agreement (DPA) to qualify as a "school official" under FERPA. If a tool generates outputs that significantly affect individuals, such as academic progression, human review is necessary.
What This Means for Families
The burden of discovering privacy violations falls on students and parents. In the Naviance case, many students were unaware of the lawsuit until the legal notice appeared in their inboxes.
When schools fail to maintain a structured inventory of their digital tools, they leave families exposed to unauthorized tracking. Parents should assume that any school platform shares behavioral data unless the district can prove otherwise through a verified, up-to-date vendor audit.
What You Can Do
File a claim if your child used Naviance between August 2021 and January 2026. Visit the official settlement website to verify eligibility and submit a claim before the August 2026 deadline.
Monitor for identity theft. Because PowerSchool's December 2024 breach exposed sensitive records like IEPs and medical conditions, families should freeze their children's credit and monitor for fraudulent activity.
Demand local audits. Ask your school board to implement a repeatable operating discipline for technology audits, requiring IT and legal teams to verify vendor privacy claims annually.