The many "alumni data breach" stories range from laptops left on airplanes to Social Security numbers posted inadvertently on public web pages to hackers breaking into databases. A series of this last type of incident occurred at Ohio University in 2006. Now, according to the Chronicle,
Ohio University may be turning the page on a string of high-profile hacking incidents that stung the institution last year. The university is already working its way through a thorough revamp of its beleaguered IT office, and now it appears to have dodged a lawsuit filed by two disgruntled alumni.
In the class action suit, alumni asked Ohio U. to cover the costs of credit-monitoring for those whose personal info was exposed when the school failed to secure its network. But the judge ruled that since "the alumni hadn't proved that they suffered any real damages" as a result of the slip up, they are not entitled to protection in the form of credit checks paid for by the school.
Campus officials' defense is technically correct: "There's no evidence that anyone whose personal data were exposed has been the victim of fraud or identity theft." In other words, "Wait until you're sick to go for a check-up." It would be nice if the school helped its alumni to practice preventative medicine, instead of waiting to see if any actual damage was done. But the legal system discourages this approach, and the University is hedging its bets, hoping it can get away without spending any further money on legal remedies.
The plaintiffs were saying that the university should not only improve defective security after the fact, but show that it cares about what happens to alumni. Those of us who work on college campuses know that to alumni, the school seems monolithic, but in reality there's no such thing as "the university." There are many moving parts in that machine. The Alumni Association certainly cares about alumni and their relationship with OU. On the other hand, campus attorneys and PR staff are dutifully protecting the school's reputation. This is their job; but the data security problems were very real.
Meanwhile, as a related aside,the Chronicle's July headline took an uncharacteristic cheap shot at the OU alumni who filed the lawsuit:
"They're Probably Canceling Their Donations Too"
Who benefits from that kind of sarcasm? No one.