On December 9, 2021, the FTC published a final rule amending the requirements for safeguarding customer information under the Gramm-Leach-Bliley Act (GLBA). The Safeguards Rule has long established cybersecurity standards under which customer information must be maintained by financial institutions, which include all higher education institution that participate in the federal student financial aid programs authorized by Title IV of the Higher Education Act of 1965, as amended.
The Information Governance Initiative (IGI) recently released its third annual “State of Information Governance” report . Highlights include a sharp rise in IG projects underway and a shift toward organizations deriving value out of properly stored data. Indeed, nearly twice as many respondents (176percent of prior-year baseline) indicated that they are extracting business value from their information.
While external factors to include data breaches and data privacy regulations largely drive IG projects, there is mounting internal pressure to reduce storage costs, limit exposure to potential data breaches, and consolidate data. IGI found that respondents overwhelmingly agreed that information governance is an essential component of internal and external cybersecurity.
Below are key takeaways from the report, including respondent results and IGI’s analysis and recommendations.
On Friday, December 1, the Federal Trade Commission and the Department of Education hosted a workshop examining student privacy in the burgeoning field of “EdTech.” Both agencies regulate certain educational technology aimed at K-12 students. However, FTC rules implementing the Children’s Online Privacy Protection Act (“COPPA”) are not identical to ED regulations implementing the Family Educational Rights and Privacy Act (“FERPA”). To better understand how both rules interact in practice, the agencies solicited public comment and convened panels of experts and stakeholders – including vendors, schools, parents, and regulators.
The workshop explored several key issues, including when a school may provide consent on behalf of participating students; how record retention (and deletion) should be noticed and executed; and what limits to impose on vendors collecting personal student information. In closing, both agencies expressed a desire to provide clear, workable regulatory oversight while meaningfully protecting student privacy.
Acknowledging that schools have “long been targets for cyber thieves,” the Federal Student Aid Office (FSA) of the U.S. Department of Education (ED) posted an alert on October 16, warning school districts and other educational institutions of criminal extortion schemes threatening to release sensitive student data. Recent, similar cyberattacks in Montana and Iowa are being investigated by the FBI.
The Federal Trade Commission (FTC) and the U.S. Department of Education (ED) will co-host a live workshop on December 1, 2017 highlighting two intersecting regulatory regimes: the FTC’s rules implementing the Children’s Online Privacy Protection Act (COPPA), which applies to K-12 schools and to children under the age of 13, and the simultaneous application of the Family Education Rights and Privacy Act (FERPA), which also applies to schools and is administered by ED.
Most institutions of higher education are very familiar with the Family Educational Rights Protection Act (FERPA), which applies to all state and local, public and private educational institutions that receive federal funds through programs administered by the U.S. Department of Education (ED). Unless at least one of FERPA’s exceptions applies, institutions risk sanctions from ED – including the potential loss of all federal funding – if they disclose a student’s personally identifiable information (PII) from an education record without the student’s express prior written consent. Beyond FERPA, higher education institutions have additional legal responsibilities to assiduously secure and protect student data from inadvertent disclosure, particularly financial information maintained by an institution regarding students or their families.