With the focus rightly on the challenges presented by COVID-19, it is also important to keep an eye on what is happening in the world of data privacy and security regulation. One such development involves a little known application of a financial services privacy law to the world of higher education.

On Feb. 28, 2020, the Federal Student Aid office (“FSA”) of the Department of Education (the “DoE”) posted an Electronic Announcement, advising all entities with an active Program Participation Agreement with the DoE (“Institutions”) that the DoE will begin strictly enforcing the requirement that each Institution must comply with the data privacy and cybersecurity requirements set forth in 16 C.F.R. Part 314 and administered by the Federal Trade Commission (“FTC”).

Although all Institutions have been subject to these compliance requirements for some time (technical application dates back to 2003, and auditing requirements date back to 2016), enforcement actions by the DoE and FTC in the wake of non-compliant audits have been lacking. No longer. According to FSA, that’s about the change.


Continue Reading Higher Education Institutions Must Be Prepared: “Enhanced” Cybersecurity Audits are Coming

With at least 70% of American schools shutting down, and others, if not all, to follow, school and millions of parents are faced with unprecedented challenges managing the children’s education from children’s homes through online schooling. Online schooling or “distance learning” presents not only operational and technical challenges of its own, but also presents concerns and challenges to properly protecting the privacy and security of student information. Even in view of a pandemic and emergency conditions, schools and online education providers are still required to meet legal obligations under various laws and implement best practices to not only meet the laws’ requirements but also to foster a secure environment for students to learn. The following provides a summary of the applicable federal and state laws impacting online learning, followed by general best practices.

Continue Reading COVID-19 Bulletin: Online Schooling Data Privacy Concerns and Best Practices During the Pandemic