danielo | Shutterstock

In February, the Federal Student Aid office of the Department of Education advised all entities with an active Program Participation Agreement with the department that it will begin strictly enforcing the requirement that they comply with the data privacy and cybersecurity requirements set forth in 16 C.F.R. Part 314 and administered by the Federal Trade Commission.

Although all institutions have been subject to these compliance requirements for some time (technical application dates back to 2003, and auditing requirements date back to 2016), enforcement actions by the DoE and FTC in the wake of non-compliant audits have been lacking, until now.

More at Taft