Higher education IT leaders are preparing for new federal reporting requirements on cybersecurity, data privacy and web accessibility, Educause’s policy lead, Jarret Cumming, says on the Cutting EDge podcast.
One of the changes is to the Federal Trade Commission’s Safeguards Rule, a long list of breach-notification requirements. CISA and the Department of Justice may also impose additional reporting requirements, Cummings says. Though he says concerns about a federal privacy law can stay on the back burner.
“Unless someone decides to take a crack at rewriting FERPA — and no one seems to be lining up in either the House or the Senate to take that task on — I actually think we’re unlikely to see significant change in privacy requirements for colleges or universities or federal privacy in general,” Cummings says. “That comes back around to the fact that the parties have very fundamental disagreements on key issues as they pertain to comprehensive federal privacy legislation.”
Additional legislative activity at the state level on privacy could happen, Cummings says.
In the news this week:
A top official from the U.S. Department of Education’s Federal Student Aid office is pleading with higher education institutions to report cyberattacks and data breaches the moment they’re discovered. In remarks at a conference last week, Devin Bhatt, the agency’s acting CISO, says the agency isn’t there to punish anyone, just to help.
The FTC sued edtech vendor Chegg for exposing tens of millions of users’ personal information between four major data breaches since 2017. The FTC says roughly 40 million users had their personal identifying information exposed in the incidents.
Campus tech leaders are trying to play a greater role in overall institutional strategic planning, according to the new list of 10 lT priorities released by Educause. The group’s list identified “a seat at the table” as the top priority for higher ed CIOs.
Hear more from the higher education information technology community every two weeks on the Cutting EDge podcast. Listen here.