Update on GLBA Safeguards Rule in Higher Education

Benjamin Wanger and Pierce T. Cox of BakerHostetler write: On February 9, 2023, the Department of Education Office of Federal Student Aid (“FSA”) issued an electronic notice regarding the Federal Trade Commission’s Final Rule amending the Standards for Safeguarding Customer Information (“Safeguards Rule”) under the Gramm-Leach-Bliley Act (“GLBA”). The amendments to the Safeguards Rule, which go into effect on June 9, 2023, include updated data security requirements for financial institutions, including all Title IV institutions of higher education and servicers. As set forth in the FSA’s electronic notice, the Department of Education (“Department”) will be responsible for enforcing the amendments to the Safeguards Rule for postsecondary institutions that participate in federal student aid programs. Any finding of noncompliance will be resolved by the FSA as part of its final determination of an institution’s administrative capability. A finding of noncompliance with the GLBA will have the same effect on participation in Title IV programs as would any other determination of noncompliance. Additionally, if the FSA’s cybersecurity team determines the institution poses a substantial security threat, it may temporarily or permanently disable the institution’s access to FSA application systems. Read more at Data Counsel.