EDUCAUSE Challenges the US DOE’s Guidance on Data Breach Reporting
Kathleen Dion of Robinson & Cole writes:
On January 30, 2018, EDUCAUSE, a higher education technology association, submitted a letter to the U.S. Department of Education describing concerns that it had with the Federal Student Aid (“FSA”) ability to protect federal student financial aid data. EDUCAUSE’s members include IT professionals from over 1,800 colleges and universities as well as other organizations.
First, EDUCAUSE expressed concerns about letters that various colleges and universities received from the FSA. These letters indicated that a data breach or suspected data breach occurred at educational institutions, and required the institutions to make a full accounting of their information security program. Some of the letters also indicated that the institutions failed to self-report alleged or suspected breaches. It appeared that the FSA identified these institution from news reports, but EDUCAUSE expressed concern that FSA did not confirm that the breaches or suspected breaches occurred prior to sending the letter.
Read more on Data Privacy + Security Insider.