Daily updates of news, research and trends by UPCEA
Click on the URL at the end of posting to visit the relevant article or website mentioned in the post.
Thursday, February 22, 2018
What to Know About ED's New Stance on Data Breach Reporting - Sean Tassi, Campus Technology
Until recently, colleges and universities that experienced a data breach had no unique reporting obligations to the U.S. Department of Education. Institutions were expected to analyze security incidents under applicable federal and state laws and, when appropriate, notify affected individuals and appropriate federal and state agencies. Because the Family Educational Rights and Privacy Act (FERPA) does not contain a breach reporting obligation, ED had taken the position that a report directly to ED was optional. ED, however, has now changed its stance and has started levying Cleryesque fines — up to $56,789 per violation — against institutions that fail to report a data breach directly to ED.
https://campustechnology.com/articles/2018/02/08/what-to-know-about-eds-new-stance-on-data-breach-reporting.aspx