Dive Brief:
- Over 400 professors from around the country have rallied together in support of a new rule by the Consumer Financial Protection Bureau banning companies from putting "mandatory arbitration clauses" in contracts that inhibit consumers' right to file class action lawsuits, reports MarketWatch.
- The support follows a data security breach at credit reporting agency Equifax, an incident which professors say highlights the importance of consumers being able to sue financial institutions.
- With recent a recent survey showing 77% of institutions vulnerable to IT attacks and other data showing .edu emails being particularly susceptible to theft and sale on the Dark Web, support for the CFPB rule means higher ed leaders ought to consider protecting consumer data for both reputational and legal assurance.
Dive Insight:
Higher education institutions are among some of the most vulnerable sites of cyber risk and theft, because they manage massive amounts of past, current, and prospective sensitive student information— such as social security numbers, banking info and shared passwords, among other things. And as more students come to campus with greater technology, the risk of a cyber breach will only increase, a reality that should be at the top of mind for higher education leaders, especially now that there is widespread support for consumers' right to sue financial institutions in cases like the loss of data. For instance, a report from Digital Citizen Alliance, entitled "Cyber Criminals, College Credentials, and the Dark Web," explains that .edu credentials are especially susceptible to cybertheft because they can be used to purchase goods, and often illicit goods, at discounted rates with anonymity. Specifically, the report discovered that 13,930,176 email addresses and passwords belonging to faculty, staff and students were available for sale in the dark web.
As businesses, higher education institutions have an obligation to protect student data as part of their experience — as loss of data can have terrible consequences for individuals. However currently, statistics show that the majority of institutions are vulnerable to IT attacks that will not only cost them in terms of how they are perceived, but also financially, with the average data breach costing $245 per data, according to teh Ponemon Institute. The incident with Equifax shows that these financial consequences can extend into the long-term as well now, if students or faculty feel compelled to sue when or if a breach occurs. This means that leaders may want to invest more resources in securing their data by updating their hardware safety features, investing in third party services that can better protect data in the cloud, training students on data security and updating online password requirements to include two-factor authentification.