No business no matter how small or large wants to find itself the target of a class action lawsuit. Unfortunately, in today's litigious society, any failure to protect the online security of personal information fully can lead to such a suit, as the University of Hawaii has learned to its dismay. A handful of data breaches over the course of three years affected as many as nearly 100,000 different individuals.
The breaches in part stemmed from actions taken by retired faculty, including one situation in which a retired professor posted personal information to an insecure website as part of a research project. Such information included dates of birth, Social Security numbers, and names, as well as other information characterized as "extremely detailed”.
A recent settlement in the case has ended with a costly judgment: The University must provide these individuals with 24 months of credit monitoring as well as credit restoration services. The cost to the university to provide these services is estimated to exceed $500,000. Thomas Grande, who was involved in the lawsuit on behalf of the plaintiffs, expressed approval of the costly settlement: "Identity theft is an issue of intense concern. This settlement sets the standard for providing these services to future data breach victims."
Rather than spend $500,000 to fund the settlement, the university would have been better off investing in IT proactively to prevent such breaches. A managed services model for remote IT support and monitoring can be employed to help fully secure websites so that businesses and other organizations can have more confidence in the ways in which they protect personal information.