That was quick – but also interesting. Sean Levin reports:
A former University of Central Florida student body president and member of UCF’s Board of Trustees filed a class action lawsuit against the university Friday after being victimized in UCF’s massive Social Security number hack.
The lawsuit was filed in federal court, in the Orlando division, one day after UCF admitted 63,000 Social Security numbers of current and former students and staff were stolen.
Plaintiff Logan Berkowtiz alleges UCF failed to provide public notice of the breach until Feb. 4, despite “UCF having knowledge of the breach as early as December 2015.”
What’s particularly noteworthy (to me, anyway) is the attempt to hold UCF liable for violating FERPA. As most readers know by now, there is no private cause of action in the FERPA statute, but the plaintiffs are alleging violations of state law requiring compliance with FERPA:
Florida statutes mandate that all universities “shall comply with the FERPA with respect to the education records of students.”
Florida statutes authorize legal action against a university that “refuses to comply” with the state statute adopting FERPA, specifically stating a student “may be awarded attorney’s fees and court costs.”
Read more on ClickOrlando.com. I’m not sure how you argue that a breach is equivalent to refusal to comply with FERPA, but this will be an interesting case to watch.