Dr. Timothy Kaye, a law professor at Stetson University College of Law, said this is the first time he is aware of a student filing a lawsuit against a university over a data security breach.
The lawsuit raises many technical questions, Kaye said.
“Do they need to keep this data on networked machines?” he said of school officials. “It should make people consider whether everything needs to be networked as much as it is.”
The lawsuit also might prompt colleges and universities to examine how much personal data they collect and store.
“It may be that they need [this information] temporarily, but then could destroy it,” he said. For instance, a university might require an applicant’s Social Security number for admission and financial aid purposes, but the university could then use a randomly assigned number for student identification if that student enrolls at the university.
Many colleges and universities already are paying more attention to how personal student information is stored and used, and the lawsuit now facing UH could cause more schools to examine their own practices, Kaye said, adding: “I think that a lot of these things should be rethought.”
UH-West Oahu spokesman Ryan Mielke said there was no evidence that the faculty member acted maliciously or that any of the information was used improperly. The faculty member, who retired from the West Oahu campus in June, was conducting a study of the success rates of Manoa students and believed he was uploading the material to a secure server.
The university apologized for the incident, saying it was investigating how it happened. It notified the former students by eMail and letters and also alerted the FBI and Honolulu police.
“We are troubled [and] determined to notify everyone according to law and committed to do everything possible in the future to prevent this from happening,” UH system spokeswoman Tina Shelton said.