Protecting Student Information

Institutions have a legal obligation to protect student information used in the administration of Federal Student Aid. The obligations are set forth under Title IV of the Higher Education Act, the Gramm-Leach-Bliley Act and under each institution’s Program Participation Agreement with the USDE.
Undersecretary Ted Mitchell, recently published a follow up Dear Colleague Letter to DCL GEN-15-18 which provided details about a cyber security guide available from the National Institute of Standards and Technology called NIST SP 800-17. The guide provides recommended requirements for ensuring long-term security of information and can be helpful for anyone in EdTech, IT/MIS and operations understand this complex problem for colleges of all sizes.