Abstract
Higher education institutions (HEIs) are highly susceptible to cyberattacks, particularly those facilitated through phishing, due to the substantial volume of confidential student and staff data and valuable research information they hold. Despite federal legislations focusing on bolstering cybersecurity for critical institutions handling medical and financial data, HEIs have not received similar attention. This Note examines the minimal obligations imposed on HEIs by existing federal and state statutes concerning data breaches, the absence of requirements for HEIs to educate employees and students about phishing attacks, and potential strategies to improve student protection against data breaches.
Citation
Muxuan (Muriel) Wang, The Lack of Responsibility of Higher Education Institutions in Addressing Phishing Emails and Data Breaches, 23 Duke Law & Technology Review 35-54 (2024)
Available at: https://scholarship.law.duke.edu/dltr/vol23/iss1/2