DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Department of Education to Enforce Revised Cybersecurity Requirements and Expands Interpretation of “Third-Party Servicer” Definition

Posted on February 18, 2023 by Dissent

Duane Morris writes:

The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher education and servicers. Any finding of noncompliance with the updated rules will be resolved by the Department as part of its final determination of an institution’s administrative capability. GLBA-related findings will have the same effect on an institution’s participation in the Title IV programs as any other determination of noncompliance. Additionally, if the office of Federal Student Aid (FSA) cybersecurity team determines the institution poses a substantial security threat, it may temporarily or permanently disable the institution’s access to FSA application systems.

Read more at DuaneMorris.

In other education-related news, lawyers at HuschBlackwell write:

Wednesday’s U.S. Department of Education Dear Colleague Letter announces an expanded Department interpretation of the definition of Third-Party Servicer to include a new array of vendors providing student recruiting and retention services, certain software products and services linked to Title IV Federal Student Aid administration activities, and educational content and instruction. Specifically, the new interpretation includes a “catch-all” provision that captures all vendors that “perform any other aspect of the administration of the Title IV programs or comply with the statutory and regulatory requirements associated with those programs.”

A plain-language reading of this new guidance captures an extremely broad swath of products and services not previously considered to be covered as Third-Party Servicer activity.

Read more at HuschBlackwell.  See also PhilOnTech for his take on the potential impact of the new guidance.

Related posts:

  • Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements
  • FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
  • Update on GLBA Safeguards Rule in Higher Education
  • Why federal efforts to protect schools from cybersecurity threats fall short
Category: Commentaries and AnalysesEducation SectorFederalLegislationOf NoteU.S.

Post navigation

← Oops! ‘Phishing’ scam cost small Ohio city $219,000, finance director his job
The Feds Are Launching a Hack Back Squad →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.