As a result of these breaches, the personal information of about 110,000 faculty, students, alumni and others were compromised, including names, social security numbers, and dates of birth. The incidents occurred at Kapiolani Community College in April 2009, involving information on students who applied for financial aid; at the Pacific Aviation Training Center at Honolulu Community College in February 2010; in the Auxiliary Enterprise department of the UH-Manoa Parking Office in June 2010; and at the UH-West Oahu in October 2010.
In the upcoming legislative session, Sen. Mike Gabbard said he plans to introduce legislation, modeled after proposals offered by the Liberty Coalition, a Washington, D.C.-based nonprofit civil liberties watchdog group. The coalition is calling for more transparency and accountability, recommending that Hawaii law require organizations responsible for data breaches to provide specific information on the nature of the breach.
The coalition also suggests the state establish a “Breach Victims Trust Account” to be administered by a “Victims Advocacy Agency” and funded by culpable organizations. The money would be available to identity fraud victims. The coalition also recommends that organizations involved in a data breach be required to conduct independent audits as a remedial action.
Sens. Jill Tokuda and Carol Fukunaga, both of whom were endorsed by UHPA in the recent election, announced they will hold an informational briefing with UH administration officials to look into the security breach issue in January.
On November 18, Bruce F. Sherman, attorney with Hawaii-based Grand Law Offices, filed a class action lawsuit in U.S. District Court against the UH administration on behalf of those who were put at risk in the four data breaches. The lawsuit seeks an injunction forbidding the UH from violating the U.S. and Hawaii constitutional right to privacy by unauthorized release of private information and mandating the UH to take appropriate steps to ensure personal information that it has in its possession is protected. The class action suit also seeks compensation for expenses incurred by the victims for enrollment in a credit monitoring program and identity theft insurance.
You do not need to take any action to be a part of this lawsuit; however, victims of the October 18, 2010 breach in which sensitive information was exposed on a UH-West Oahu web server, should take personal action. You can find out what type of information was released by going to www.nationalidwatch.org and entering your name. To protect yourself and identify, please take care of this as soon as possible before the end of the year.
For more information about the four data breaches, visit www.uhdatabreachlawsuit.com or contact attorney Bruce F. Sherman at (808) 221-0901.