Cybersecurity Update: Protecting Student Data Critical to Continued Participation in the Federal Student Aid Programs – Duane Morris
On February 28, 2020, the U.S. Department of Education’s Office of Federal Student Aid (FSA) issued an electronic announcement regarding the enforcement of the Gramm-Leach-Bliley Act’s (GLBA) cybersecurity requirements for all institutions of higher education participating in the Title IV, Higher Education Act (HEA) federal student financial aid programs and their third-party servicers. The announcement states that auditors are expected to evaluate three GLBA information safeguard requirements in annual compliance audits of postsecondary institutions and third-party servicers. Any finding of noncompliance will be sent to both the Federal Trade Commission (FTC) and the FSA’s cybersecurity team for further investigation and potential adverse action. All Title IV participating institutions should consult with counsel about the very serious consequences and administrative actions that may be taken if they or their third-party servicers fail to meet the GLBA’s information security requirements.
Background
The requirement to protect student data is not new and the recent announcement reminds all Title IV participating institutions of higher education of these longstanding requirements.