Now THIS really surprises me. Robyn Craig reports:
The U.S. Department of Education will become involved with [Oklahoma University] regarding the recent security breach, which released thousands of students’ personal information.
The breach, which violated federal law, resulted in the release of student information, including student financial information. Therefore, the U.S. Department of Education is becoming involved based on the release of this information which violates the Gramm-Leach-Bliley Act (GLBA).
Liz Hill, the U.S. Department of Education press secretary provided a statement below via email regarding the department’s involvement with OU.
“The U.S. Department of Education takes allegations of privacy and data security violations very seriously,” Hill said via email. “The office of Federal Student Aid has contacted the university to further assess the institution’s compliance with its data security safeguard requirements according to the Gramm-Leach-Bliley Act (GLBA).”
Read more on OU Daily.
Has the U.S. Department of Education ever followed up on a data breach before with this kind of inquiry under the GLBA? Did they ever inquire after the massive Maricopa County Community College District breach when both this site and EPIC.org asked the FTC to investigate the MCCCD breach under the GLBA?
Someone should file under FOIA to find out how often the US Dept. of Education has investigated breaches under GLBA, and then with what follow-up or action on the agency’s part.