Duane Morris writes:
The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher education and servicers. Any finding of noncompliance with the updated rules will be resolved by the Department as part of its final determination of an institution’s administrative capability. GLBA-related findings will have the same effect on an institution’s participation in the Title IV programs as any other determination of noncompliance. Additionally, if the office of Federal Student Aid (FSA) cybersecurity team determines the institution poses a substantial security threat, it may temporarily or permanently disable the institution’s access to FSA application systems.
Read more at DuaneMorris.
In other education-related news, lawyers at HuschBlackwell write:
Wednesday’s U.S. Department of Education Dear Colleague Letter announces an expanded Department interpretation of the definition of Third-Party Servicer to include a new array of vendors providing student recruiting and retention services, certain software products and services linked to Title IV Federal Student Aid administration activities, and educational content and instruction. Specifically, the new interpretation includes a “catch-all” provision that captures all vendors that “perform any other aspect of the administration of the Title IV programs or comply with the statutory and regulatory requirements associated with those programs.”
A plain-language reading of this new guidance captures an extremely broad swath of products and services not previously considered to be covered as Third-Party Servicer activity.
Read more at HuschBlackwell. See also PhilOnTech for his take on the potential impact of the new guidance.