×
  • Home
  • About
    • Firm Overview
    • Experience
    • Fraternal Law Conference
    • Conference Sponsorship
  • Our Attorneys
    • Overview
    • Timothy M. Burke
    • Sean P. Callan
    • John E. Christopher
    • Amy M. Hebbeler
    • Patrick K. Hogan
    • Micah E. Kamrass
    • Ilana L. Linder
    • Jacklyn D. Olinger
    • Jacob W. Purcell
    • Jeffrey C. Sun
  • Practice Areas
    • Overview
    • Real Estate and Housing
    • Tax
    • Employment Issues
    • Corporate Governance
    • Grant-Making
    • Litigation
    • Risk Management & Hazing
    • Fundraising & Stewardship
    • State Registration for Greek Foundations
  • Client Resources
  • Anti-Hazing
  • Contact
    • Contact Us
    • Join Our Newsletter
    • Facebook
    • Twitter
    • Instagram
  • Newsletter

The health and safety of our employees, customers and communities are our top priority. Read about our response to COVID-19.

  • Home
  • About
    • Firm Overview
    • Experience
    • Fraternal Law Conference
    • Conference Sponsorship
  • Our Attorneys
    • Overview
    • Timothy M. Burke
    • Sean P. Callan
    • John E. Christopher
    • Amy M. Hebbeler
    • Patrick K. Hogan
    • Micah E. Kamrass
    • Ilana L. Linder
    • Jacklyn D. Olinger
    • Jacob W. Purcell
    • Jeffrey C. Sun
  • Practice Areas
    • Overview
    • Real Estate and Housing
    • Tax
    • Employment Issues
    • Corporate Governance
    • Grant-Making
    • Litigation
    • Risk Management & Hazing
    • Fundraising & Stewardship
    • State Registration for Greek Foundations
  • Client Resources
  • Anti-Hazing
  • Contact
    • Contact Us
    • Join Our Newsletter
    • Facebook
    • Twitter
    • Instagram
513-721-5525
Fraternal Law

Fraternal Law Newsletter

Publications

Newsletter


Articles

  • PENN STATE SUES TO PURCHASE FORMER PHI DELTA THETA CHAPTER HOUSE
  • ARGUMENT HELD IN U. OF FLORIDA CHRISTIAN FRATERNITY APPEAL
  • JUICYCAMPUS.COM CREATES QUESTIONS, AND HEADACHES
  • GENDER THEN AND GENDER NOW: WHAT HAPPENS IF
  • FRATERNITIES MUST NOTIFY MEMBERS AFFECTED BY COMPUTER SECURITY BREACHES
  • Default Judgment In Texas Set Aside
  • DEATH LEADS TO CHARGES AT UTAH STATE

Search

Newsletter > January 2009 > "FRATERNITIES MUST NOTIFY MEMBERS AFFECTED BY COMPUTER SECURITY BREACHES"

FRATERNITIES MUST NOTIFY MEMBERS AFFECTED BY COMPUTER SECURITY BREACHES

Adam Eckstein


Many states and universities have enacted laws and policies, respectively, requiring computer owners to notify potential victims of identity theft when a security breach occurs.  Student organizations, which oftentimes obtain members’ personal information like credit card numbers for reasons from housing to dues to donations, should be aware of these requirements to better protect themselves from computer security breaches and to reduce the instances of their members suffering from identity theft.

A majority of states—at least thirty-five, according to simple survey of state statutes—have laws requiring computer owners or operators to notify those people whose personal information might have been stolen by a computer breach.  While some statutes apply only to government offices, the statutes more often apply to any entity storing personal information in the state.  California’s statute provides a good example of the requirement: “Any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”1

While at first blush, fraternities and sororities seem exempt from this statute, the notice requirement trickles down to them students via their university’s policies.  Staying with the California example, the state’s university system has implemented the statute by requiring campuses to “notify California residents whose information is reasonably believed to have been acquired by an unauthorized person.”  Each campus, therefore, has policies requiring their computer network users to adhere to the statute.  From the state to the state school to the campuses, the law eventually lands at each campus’s network users, which includes fraternities and sororities.

These state laws have one explicit requirement and one implicit requirement: notice and investigation.  Ohio law provides another good example of the statute: “Any person that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system, following its discovery or notification of the breach of the security of the system, to any resident of this state whose personal information was, or reasonably is believed to have been, accessed and acquired by an unauthorized person if the access and acquisition by the unauthorized person causes or reasonably is believed will cause a material risk of identity theft or other fraud to the resident.”2

The main thrust of the statute requires computer owners to “disclose” security breaches to the people who could most be harmed by the breach.  The implicit requirement of the statute is that those who hold personal information of others on their computers must be on the look out for breaches.

In sum, the law holds computer owners who choose to collect others’ personal information responsible not only for notifying those people of identity theft risk but also for keeping the personal information safe.

Computer security breaches can result in legal action, as universities have discovered.  For instance, two graduate students sued Ohio University over five security intrusions that breached 367,000 files containing personal information on a possible 173,000 people.  The charges were ultimately dismissed as the two plaintiffs failed to prove they suffered compensable damages.  But the case should serve as a warning light for fraternities and sororities with no computer security precautions.

Sororities and fraternities should take these laws’ two instructions to heart.  When collecting members’—or their parents’—personal information, including credit card numbers and social security numbers, exercise forethought and ensure that the information is stored securely.  A small investment in anti-virus and security software, and a short conversation with campus’ IT managers about security, can prevent personal information from being stolen and drastically reduce the risk of identity theft.

Furthermore, preparing a standard notice to have on hand will ensure quick notice in the event security measures are unsuccessful.  Notice to potential identity theft victims should inform the recipient about the risk and—though not legally required—should inform the recipient of how to monitor their credit scores to mitigate any effect of identity theft.  These measures will not only bring fraternities and sororities in line with state law and university policy, they will also help the student organizations protect their members from identity theft and credit card fraud that could devastate the members’ future.

1  Cal. Civ. Code § 1798.82(a).

2  O.R.C. § 1349.19(B)(1).

 

JOIN OUR NEWSLETTER

Attorney Advertising. The laws governing legal advertising in the state of Ohio require the following statement in any publication of this kind: "THIS IS AN ADVERTISEMENT." This website is designed for general information only. The information presented at this site should not be construed to be formal legal advice nor the formation of a lawyer/client relationship.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Copyright © 2023 Fraternal Law Partners. All rights reserved.

Privacy Policy Disclaimer
Fraternal Law

Newsletters

Sign Up For Updates

Get the latest news from Fraternal Law Partners in your inbox.

    By submitting this form, you are consenting to receive marketing emails from: Fraternal Law Parnterns. You can revoke your consent to recieve emails at any time by using the SafeUnsubscribe® Link, found at the bottom of every email. Emails are serviced by Constant Contact.