This week produced three incidents that together define the current state of K-12 student data risk. Los Angeles Unified, the second-largest school district in the country, voted unanimously to restrict classroom screen time and require a public report on all existing classroom technology contracts, a move that will force the district to account for every vendor currently in students' hands. Missouri's State Treasurer's Office published student names, parent emails, scholarship amounts, and school names for every MOScholars participant on a public website for nearly a year in direct violation of state law, surfacing a gap most districts have not closed: data held by partner state agencies on your students is still your compliance obligation. A federal class action against Curriculum Associates, the Billerica, Massachusetts company behind i-Ready, has survived early motions and now heads toward discovery, alleging the platform transmits student data in real time to third parties including Google, Clever, and Munetrix without proper consent. i-Ready is used by more than 14 million students in grades K-8. And a North Carolina student's fight against a false AI detection accusation has surfaced a gap every district needs to close before the end of the school year: when a teacher uses an AI detector to flag a student, what is the district's documented standard for how that accusation is evaluated, appealed, and resolved?
1
Breaking
Los Angeles Unified votes unanimously to restrict classroom screen time and require a public audit of all classroom technology contracts, becoming the first major school district to impose formal screen time limits
EdSource, District Administration · April 22, 2026
What happened
The Los Angeles Unified School District board voted 6-0 on April 22, 2026, to restrict classroom screen time across grade levels, following months of pressure from a parent group called Schools Beyond Screens. The resolution directs staff to develop a policy by June 2026 ahead of the upcoming school year. It calls for developmentally appropriate guardrails on instructional technology for all grade levels, restricts younger students' use of school-issued devices, and prohibits student-led use of YouTube and other streaming platforms during instruction. Critically, it also requires the district to present a public report on all existing classroom technology contracts. The vote makes LAUSD the first major school district in the United States to impose formal classroom screen time limits. The action comes as California's Phone-Free School Act, Assembly Bill 3216, takes effect July 1, 2026, requiring every school district, charter school, and county office of education in the state to adopt a policy restricting or prohibiting student smartphone use during the school day. Board member and co-sponsor Karla Griego stated that a policy addressing screen time for the district's youngest learners is long overdue. LAUSD serves approximately 540,000 students.
Who's affected
LAUSD's 540,000 students and every teacher and administrator who relies on school-issued devices for instruction. All California districts face a July 1, 2026 deadline to adopt a smartphone restriction policy under AB 3216, regardless of what LAUSD does. Districts outside California should treat the LAUSD vote as a signal about where policy is heading nationally: parent pressure on screen time is organized and effective, and districts without a written, documented position on classroom technology use will face that pressure without a policy to point to.
Compliance Exposure
The requirement that LAUSD produce a public report on all classroom technology contracts is the compliance signal that applies beyond screen time. If your district cannot produce a current list of every classroom technology vendor, what data each one accesses, and what the contract terms are, then a public records request, a parent complaint, or a state audit could expose a gap your district cannot close quickly. California's AB 3216 also creates a documentation requirement: the smartphone restriction policy must be updated every five years, and exceptions for IEP or 504 accommodations must be explicitly addressed in writing. Districts that draft a cellphone ban without considering students with disabilities face immediate special education compliance questions.
Recommended Action
California districts: confirm your AB 3216 compliant smartphone restriction policy is drafted and scheduled for board approval before July 1. The policy must address IEP and 504 exceptions explicitly. All districts: compile a current inventory of every classroom technology tool in active use, the vendor behind it, what student data it accesses, and the contract terms. The LAUSD board voted to make this list public. You should know what is on your list before anyone asks for it. If any tool on that list lacks a signed data processing agreement, flag it for immediate review.
Workflow Impact
Instructional Technology: Compile a current classroom technology contract inventory and confirm AB 3216 compliant smartphone policy is in place before July 1, with explicit IEP and 504 accommodation language2
Missouri Treasurer's Office publishes student names, parent emails, scholarship amounts, and school names for all MOScholars participants on public website for nearly a year, violating the state law that explicitly prohibits it
Missouri Independent · April 21, 2026
What happened
The Missouri State Treasurer's Office inadvertently published a directory of students enrolled in the MOScholars private school voucher program on its public website for nearly a year, dating back to at least May 2025. The data included students' names, their parents' email addresses, scholarship funding amounts, and the names of the private schools they attend. The data was embedded in a spreadsheet file posted to the treasurer's website. The embedded data was accessible to anyone who manipulated the file. The Missouri Independent discovered the exposure and notified the treasurer's office, which removed the file. The law governing MOScholars explicitly states that no personally identifiable information of any student may be posted on the treasurer's website. State Treasurer Vivek Malek's office confirmed the spreadsheet could be manipulated to reveal the student data but characterized the information as directory information that is not generally considered harmful. State Sen. Rick Brattin, chairman of the Senate Education Committee, called the incident a massive oversight. The treasurer's office had a prior data exposure in 2024, which a spokesperson called a clerical error.
Who's affected
All Missouri families enrolled in MOScholars across three years of the program. Every district whose students participate in a state-administered voucher, scholarship, or grant program should treat this as a prompt: when your students' data is held by another state agency, that agency's handling of that data is still a FERPA compliance concern for your district. You are not always the agency responsible for a breach, but you may carry a notification obligation when your students are the affected population.
Compliance Exposure
The Missouri law governing MOScholars explicitly prohibits posting student personally identifiable information on the treasurer's website. Publishing it for nearly a year, then characterizing it as directory information after removal, does not resolve the statutory violation. For districts: the exposure was not in the visible spreadsheet content but in embedded metadata that staff who posted the file did not know was there. This is the specific gap the CoSN 2026 FERPA session identified last week: staff who publish files do not always know what data is embedded in them. Federal monitors would ask whether your district has a procedure for reviewing file contents before posting anything to a public website and whether your families received notification that their data was publicly accessible through a partner agency.
Recommended Action
Two actions this week. First, if your district participates in any state-administered voucher, scholarship, or grant program, contact the administering agency to confirm what student data it holds, how that data is stored and shared, and what its breach notification procedures are. Ask specifically whether any student data has been posted to a public website in any form, including as embedded or linked data in downloadable files. Second, review any files your district has posted to a public website. Open those files and check for embedded sheets, hidden columns, or metadata that may not be visible in the default view. Posting a file with hidden student data is a FERPA violation even if no one knew it was there.Workflow Impact
Student Data Privacy: Confirm breach notification procedures for state-administered programs involving your students, and audit public-facing downloadable files for embedded or hidden student data3
Federal class action against Curriculum Associates, maker of i-Ready, survives motion to dismiss and advances toward discovery, alleging the platform transmits student data to Google, Clever, and Munetrix in real time without proper consent
EdTech Law Center, The Educators Room · April 2026
What happened
A federal class action lawsuit filed December 22, 2025, against Curriculum Associates, Inc., the Billerica, Massachusetts company behind the i-Ready educational platform, is advancing in federal court in Massachusetts. Curriculum Associates filed a motion to dismiss on February 27, 2026. Plaintiffs filed their opposition on April 3, 2026. A federal judge has not yet ruled. The lawsuit, M.C. v. Curriculum Associates, alleges that the company unlawfully collects and shares student data without proper consent. Specifically, plaintiffs allege that i-Ready transmits student data in real time to third-party vendors including Google, Clever, and Munetrix, and that the company builds psychological and behavioral profiles on students that follow them beyond their time in the platform. Claims are brought under the Federal Wiretap Act, the California Invasion of Privacy Act, the California Comprehensive Computer Data Access and Fraud Act, and the Massachusetts Consumer Protection Act, as well as negligence and unjust enrichment. Curriculum Associates called the lawsuit an ideologically motivated crusade and denied the allegations. i-Ready is used by more than 14 million students in grades K-8. Curriculum Associates is a private-equity-backed company with approximately 2,700 employees and around $750 million in annual revenue.
Who's affected
Any district using i-Ready, which is one of the most widely deployed reading and math diagnostic platforms in K-12. Districts that signed data processing agreements with Curriculum Associates should confirm what those agreements say about third-party data sharing with companies like Google, Clever, and Munetrix. If your DPA permits sharing with those companies, confirm your district was aware of and consented to that sharing. If your DPA does not address third-party sharing, the lawsuit's allegations indicate there may be undisclosed sharing your district did not authorize.
Compliance Exposure
Under FERPA, the school official exception that permits vendors to access student data requires that vendors use the data only for the purposes for which the district contracted with them. If Curriculum Associates is sharing student data with Google, Clever, or Munetrix in ways not disclosed to districts or not covered by the school official exception, districts that used i-Ready during the relevant period may have been party to FERPA violations they did not know about. Federal monitors would ask: What does your data processing agreement with Curriculum Associates say about third-party data sharing? Did your district review and approve all subprocessors? What notice did Curriculum Associates provide about how student data was transmitted beyond the platform?
Recommended Action
Pull your current data processing agreement or vendor contract with Curriculum Associates. Look specifically for language on third-party sharing, subprocessors, and what companies the platform is permitted to transmit student data to. If the agreement is silent on these points or predates your current use of i-Ready, contact Curriculum Associates in writing this week to request current documentation of all third parties who receive student data through the platform. Keep a copy of everything you receive. If your district's legal counsel has not reviewed your i-Ready agreement since the lawsuit was filed, schedule that review now. Discovery in this case will produce documents about actual data flows that may be relevant to your district's compliance posture.Workflow Impact
Vendor Management: Review i-Ready data processing agreement for third-party sharing language and request written documentation from Curriculum Associates of all subprocessors currently receiving student data through the platform4
North Carolina student fights false AI detection accusation after teacher uses three detectors scoring 62, 75, and 87 percent probability, none of which meet the state's own published standard for proof
Government Technology · April 24, 2026
What happened
A North Carolina student named Canina was accused of using AI to write a class assignment after her teacher ran the paper through three different AI detection tools, which returned likelihood scores of 62 percent, 75 percent, and 87 percent for AI generation or significant AI assistance. Her mother, De Coster, a sociology professor at N.C. State, asked the teacher to review the Google Docs revision history showing Canina had written the assignment herself. The teacher declined. North Carolina's Department of Public Instruction has published AI guidelines that explicitly state AI detectors have proven not to be dependable and should never be used as the only factor when determining if a student cheated. The state's guidelines further direct schools to use great caution with AI detectors. Canina's case illustrates what happens when a district has state guidance but a teacher applies a different standard: an accusation is made, the student bears the burden of proof, and the district has no documented procedure for how such disputes are evaluated or appealed. Canina, described by her mother as an avid reader and strong writer with a highly developed vocabulary, told the News and Observer she is not going to change the way she writes.
Who's affected
Every district that has not yet adopted a written policy on how AI detection tools may be used in academic integrity determinations. North Carolina's DPI has published guidance. Most states have not. Most districts have not translated whatever state guidance exists into a documented building-level procedure. Students with strong writing skills, English language learners, and students with disabilities are the populations most frequently flagged by AI detectors with false positives, according to North Carolina's own DPI guidance and research across multiple studies.
Compliance Exposure
An academic integrity accusation made solely on the basis of an AI detector score, without documentary review or student due process, creates two compliance risks. First, under Title VI and disability law, if a detection tool disproportionately flags students in protected classes, including ELL students, students with IEPs, and students whose writing quality exceeds the average, the district's use of that tool without safeguards may constitute discriminatory application of academic integrity standards. Second, a student who is disciplined based on an unreliable tool and denied an opportunity to present evidence may have a due process claim. In higher education, courts have already reversed disciplinary measures where AI detection was the sole basis for an accusation, including a 2026 case at Adelphi University in New York where a judge found the process arbitrary.
Recommended Action
This week, confirm whether your district has a written policy on the use of AI detection tools in academic integrity determinations. If it does not, write one before the end of the school year. The policy should state: which AI detection tools, if any, are approved for use; that no accusation may be based solely on a detection score; that students must be given an opportunity to present evidence of their writing process, including revision history in Google Docs or similar platforms; and that a documented appeal process exists. Share North Carolina DPI's published guidance with your teaching staff now. It is the clearest existing standard on this issue and your staff can apply it immediately without waiting for a district policy to be finalized.Workflow Impact
Instructional Technology: Adopt a written AI detection use policy before end of school year and share North Carolina DPI guidance with teachers as the interim standard for what constitutes acceptable evidence in academic integrity determinationsLos Angeles Unified votes to restrict classroom screen time and audit technology contracts
[1] EdSource. “Los Angeles Unified to limit screen time for all students, prohibit use among youngest students.” April 23, 2026. https://edsource.org/2026/classroom-screen-time-limits-policy/756523
[2] District Administration. “Los Angeles schools adopt first major screen time restrictions.” April 22, 2026. https://districtadministration.com/article/los-angeles-schools-adopt-first-major-screen-time-restrictions/
[3] California Governor's Office. Assembly Bill 3216, Phone-Free School Act. Signed September 23, 2024. Effective July 1, 2026. https://www.gov.ca.gov/2024/09/23/governor-newsom-signs-legislation-to-limit-the-use-of-smartphones-during-school-hours/
Missouri Treasurer publishes MOScholars student data on public website for nearly a year
[1] Missouri Independent. “Missouri treasurer's office posted MOScholars student data on its website for nearly a year.” April 21, 2026. https://missouriindependent.com/2026/04/21/missouri-treasurers-office-posted-moscholars-student-data-on-its-website-for-nearly-a-year/
North Carolina student fights false AI detection accusation
[1] Government Technology. “North Carolina Student Fights Accusation of AI Use.” April 24, 2026. https://www.govtech.com/education/k-12/north-carolina-student-fights-accusation-of-ai-use
[2] North Carolina Department of Public Instruction. AI Guidelines for K-12 Schools. 2024. https://www.dpi.nc.gov/districts-schools/classroom-resources/digital-teaching-and-learning/artificial-intelligence-guidance
Federal class action against Curriculum Associates advances toward discovery
[1] EdTech Law Center. M.C. v. Curriculum Associates, case tracker. https://edtech.law/cases/m-c-v-curriculum-associates/
[2] The Educators Room. “Lawsuit Targets i-Ready Maker Over Student Data Privacy Concerns.” April 2026. https://theeducatorsroom.com/lawsuit-targets-i-ready-maker-over-student-data-privacy-concerns/