Contributing Editor: Jarret Cummings, Senior Advisor for Policy and Government Relations, EDUCAUSE
A recent guidance letter from the U.S. Department of Education applies “Third-Party Servicer” regulations to higher education institutions and to their content, software, systems, and services providers. Given the disruption this would cause, EDUCAUSE has asked the department to rescind the letter, fully consult with institutions and their stakeholders, and revise its guidance.
A recent notice from the office of Federal Student Aid (FSA) provides a brief review of the pending changes to the Safeguards Rule and explains how FSA plans to ensure institutional compliance with the new requirements.
The final version of the National Defense Authorization Act for Fiscal Year 2023 excludes a proposed Senate amendment that would have required federal contractors and grant recipients to report cyber incidents involving their contracting/granting agency's data or systems to the agency.
The U.S. Department of Justice intends to issue a notice of proposed rulemaking in 2023 around web accessibility regulations for state and local government entities pursuant to Title II of the Americans with Disability Act. At the same time, The U.S. Department of Education is considering updating regulations implementing Section 504 of the Rehabilitation Act.
The Copyright Claims Board helps rights holders but may expose researchers and students to litigation. Higher education institutions and research libraries can position themselves to support students and prevent possible risks to scholarship.
EDUCAUSE community members offer federal policy perspectives on the 2023 Top 10 IT Issues.
Colleges and universities are not subject to the law requiring cyber incident reporting to the Cybersecurity and Infrastructure Security Agency (CISA). However, details of the agency's regulatory process, starting with its recent request for information, are worth noting, given their general implications for federal policy on cyber incident reporting.
While higher education is not covered by a pending rulemaking on cyber incident reporting, EDUCAUSE is monitoring the process given the possibility that colleges and universities could face a similar requirement in the future.
The National Telecommunications and Information Administration has taken the first steps in implementing the broadband programs of the Infrastructure Investment and Jobs Act.
A comprehensive privacy bill has cleared a House committee for the first time, but its flaws on federal preemption and a private right of action may limit its prospects. The way the bill handles exceptions for existing laws is also concerning for higher education.
