Christopher Brown reports:
PowerSchool Holdings Inc. is facing three federal lawsuits alleging the education software provider negligently failed to protect the personal information of students, parents, and teachers that was exposed in a December data breach.
Sheilah Buack-Shelton, Tyler Baker, and Kimberly Kinney alleged in separate complaints that PowerSchool breached its duties under common law, contract law, industry standards, and the Federal Trade Commission Act to implement reasonable and adequate data security measures and provide timely notice of the breach.
Information exposed in the incident includes names, addresses, Social Security numbers, contact information, medical and financial information, student grades and grade-point averages, bus-stop information, and employment information, according to complaints filed Jan. 8-9 in the US District Court for the Eastern District of California.
PowerSchool said in a statement, “While we are not commenting on active litigation, our team is focused on providing affected customers, families, and educators with the resources and support they may need as we work through this together.”
Read more at Bloomberg Law.
The cases are Buack-Shelton v. PowerSchool Holdings Inc., E.D. Cal., No. 2:25-at-00037, complaint filed 1/8/25, Baker v. PowerSchool Holdings Inc., E.D. Cal., No. 2:25-at-00040, complaint filed 1/9/25, and Kinney v. PowerSchool Holdings Inc., E.D. Cal., No. 2:25-at-00042, complaint filed 1/9/25.
Before the data breach litigation, there was already privacy breach litigation
The recent breach has made more people aware that PowerSchool was one of two firms sued last year for allegedly collecting and selling student data without the knowledge or consent of students’ parents. EdTech Law Center explains:
Nonconsensual student data mining: PowerSchool and IXL Learning
Cherkin, et al. v. PowerSchool Holdings, Inc., 3:24cv2706 (N.D. CA) (filed May 6, 2024)
Shanahan, et al. v. IXL Learning, Inc., 3:24cv2724 (N.D. CA) (filed May 7, 2024)
These class-action lawsuits against PowerSchool Holdings, Inc. and IXL Learning, Inc. allege that the defendant companies, through persistent digital surveillance, harvest vast troves of sensitive information from children and their families without their knowledge or consent. The companies are alleged to use that information for commercial purposes in violation of families’ privacy, property, and consumer rights.
The named plaintiffs are the parents of students who have used these platforms, on behalf of themselves and their children. The parents argue that, simply by sending their children to school as the law requires, they do not surrender their rights to know what information private companies are taking from their children and how it will be used—and to decide whether to agree to that collection and use.