The EDUCAUSE Top 10 IT Issues continue to highlight information security and data privacy, and the same holds for the EDUCAUSE Policy Team's top higher education IT policy issues for 2019. Network neutrality returns for 2019, as well, with digital accessibility joining the list for this year.
This year's Top 10 IT Issues highlight the ways in which institutions can orient the management and use of data to foster student success. This emphasis includes ensuring security and privacy as a cornerstone of the trust needed to realize the full potential of data-driven student success initiatives. Not coincidentally, security and privacy concerns currently dominate the national dialogue about IT policy. The question remains whether those concerns have reached the point that they can overcome barriers that have thus far prevented federal policy solutions. What doesn't happen on a major policy issue is often as important as what does, though, since it can set the stage for consensus to emerge. With that in mind, this year's top IT policy issues for higher education reflect two carryovers from 2018, as well as a new entry for 2019, all three of which are "continuing to evolve." (For more on these issues, please see "Looking Back and Looking Ahead: EDUCAUSE Policy Issues, 2018–2019" in the EDUCAUSE Review Policy Spotlight blog.)
Information Security and Data Privacy
Last year's policy concerns related to information security and data privacy focused on the then-recent compliance efforts of the Office of Federal Student Aid (FSA) at the US Department of Education (ED). Based on a breach notification provision in one of its standard institutional agreements and an FTC Safeguards Rule provision in another, FSA had contacted a number of institutions and asserted that they had failed to meet a set of wide-ranging breach-notification and security-reporting requirements. Shortly thereafter, new leadership at FSA brought a new responsiveness to the problems that EDUCAUSE raised about those compliance efforts. FSA has since engaged with institutions in a positive, collaborative manner emphasizing joint problem-solving. This year brings a renewed likelihood, however, that FSA will convince the Office of Management and Budget (OMB) to add a Safeguards Rule audit objective to the federal single audit process that most colleges and universities must complete. Such a step will ensure that FSA remains a feature of the higher education information security conversation into the future.
At a broader level, Congressional interest in comprehensive federal privacy legislation, which would almost certainly include information security provisions, also has a bright spot on our community's radar. The questionable handling of users' personal data by web and social media companies has greatly increased interest among policymakers from both parties in establishing national privacy and breach-notification standards. Republicans and Democrats remain far apart, though, on the key issue of federal preemption—i.e., whether a new federal law should set a national floor for privacy protections and thus avoid preempting tougher state laws where they exist, or whether such a law should establish an all-encompassing framework that preempts state laws. There are no signs that Congress will overcome this divide in 2019, but the issue seems likely to be a constant feature of the Congressional agenda until a compromise is reached.
Network Neutrality
Last year's regulatory efforts on network neutrality—which saw the Trump-era Federal Communications Commission (FCC) repeal the Obama-era FCC's rules—moved out of the policy space and into the legal arena as nearly two dozen state attorneys general and various public interest groups filed a federal lawsuit to "repeal the repeal." The latest step forward in that process occurred on February 1, when the US Court of Appeals for the DC Circuit heard oral arguments in the case. As legal experts caution, the questions that judges ask during oral arguments do not reliably indicate how they will ultimately rule. Groups supporting net neutrality were heartened, however, by the stiff questioning that FCC attorneys received about the agency's core positions in moving to repeal the 2015 rules (such as the validity of defining broadband access as an information service, and the validity of arguing that network neutrality rules inhibited private-sector investment in broadband access).
The intersection of state policymaking and federal legal action also continues to be on display as several states have moved to regulate network neutrality following the FCC's repeal of its rules. For example, California's move to directly impose network neutrality in its broadband access markets remains on hold pending the outcome of the federal case, per agreement with the US Department of Justice (DOJ). Likewise, the telecom industry has sued Vermont in federal court to overturn its law prohibiting state agencies from contracting for telecom services with companies that don't follow the FCC's 2015 network neutrality rules—citing the 2017 FCC repeal order's claim to preempt state actions on network neutrality.
You may notice that this discussion has not mentioned policymaking from Congress, which could pass legislation to essentially settle the matter. Again, current legal action is a major inhibitor to federal policymaking in that the outcome of the DC Circuit case, subject to Supreme Court review, will largely define the ground on which Congressional negotiations will take place alongside the outcome of the 2020 elections. If those elections lead to a Democratic presidential administration and a divided Congress, we could see a Democratic FCC reinstate network neutrality via regulation and thus start another multiyear trip through the courts.
Digital Accessibility
The accessibility of digital content and resources for persons with disabilities is another area where a lack of policymaking continues to foster legal action. Late last year, DOJ submitted a letter to Congress reinforcing its position that the Americans with Disabilities Act (ADA) does cover digital accessibility but that DOJ regulations establishing standards for digital accessibility compliance under the ADA are not necessary. Instead, DOJ argued that organizations should be able to use the flexibility that a lack of specific regulations provides to tailor their approaches to digital accessibility to their particular contexts. Unfortunately, that leaves all covered entities, including colleges and universities, without clear compliance guidance and sets the courts as the primary arbiters of how well affected organizations have or haven't interpreted—and met—their responsibilities under the law.
In addition to DOJ, the ED Office of Civil Rights (OCR) has a major impact on accessibility compliance in education through its enforcement responsibilities under the Rehabilitation Act as well as the ADA. And as with DOJ, ED OCR signaled a major shift in accessibility compliance last year by changing its procedures for handling mass filings of accessibility complaints from any single source. The procedural shift led to the wholesale dismissal of such complaints and the closing of existing cases against many colleges and universities. However, the settlement of a lawsuit against OCR late last year forced it to backtrack, with implications that colleges and universities will experience throughout 2019. OCR has restored its prior procedures requiring it to investigate the individual complaints and reopened the cases that were previously dismissed.
On the plus side, OCR has indicated that it seeks to work with institutions to resolve the specific problems identified, as compared to pursuing broad resolution agreements that would impose requirements on all aspects of institutional IT. However, many institutions will be responding to reopened cases throughout 2019, and the return of complaint mass filings could impact more institutions as the year unfolds. EDUCAUSE members could also see these filings add to already active litigation on digital accessibility, as OCR's limited capacity to address complaints in a timely fashion may lead to more efforts to seek resolution via the courts.
Higher education is not alone in seeing heightened legal action on digital accessibility, however. As other industries and organizations struggle to manage the risks of this ill-defined compliance space, this year's lack of regulation could give way to a consensus in favor of negotiating some regulatory standards in the not-too-distant future. Unless the Trump Administration takes a dramatic turn, though, that future won't start until after the 2020 elections at the earliest.
Conclusion
Unexpected developments could elevate even more issues to this list. For example, while prospects for Higher Education Act (HEA) reauthorization currently appear dim, the Senate education committee that must ultimately craft a working compromise reached an unanticipated bipartisan breakthrough on K–12 policy in the recent past. Its success there combined with the desire of its retiring Republican chairman for a final, lasting achievement could signal that possibilities exist even if they aren't immediately apparent. In the meantime, though, what is or isn't happening in federal policy on security and privacy, network neutrality, and digital accessibility will likely dominate the EDUCAUSE policy horizon in 2019.
Jarret Cummings is Senior Advisor for Policy and Government Relations at EDUCAUSE.
© 2019 Jarret Cummings. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.