
What Academic Institutions Should Consider About Cyber Security

09 September 2014

Academia

Institutions across the country are facing increasing pressure to keep their student and employee information safe. The proposed Protecting Student Privacy Act of 2014—intended to upgrade the security of sensitive student information—addresses the current issues with data security as the electronic exchange of information becomes more prevalent. Hackers are getting smarter, cyber insurance policies are no longer a commodity but a necessity, and federal and state regulations are holding organizations of all sizes accountable if a breach occurs. The world is changing, and institutions must take every measure to decrease their vulnerability and comply with the current regulations to limit their liability.

Data breaches are on the rise. Institutions are prime targets, due to the vast amounts of sensitive information they store. From students’ Social Security numbers to parents’ credit card information, it’s easy for hackers to see the value in a school’s data and even easier for them to penetrate an institution’s network. The increased popularity and convenience of exchanging information electronically sparks newfound concerns over keeping data safe. The proposed bill to amend the Family Educational Rights and Privacy Act of 1974 (FERPA) calls for more restrictions on the type of data that is shared and how data sharers are tracked and held accountable. Every institution will have to comply with these new laws to better safeguard their student and employee information and to limit their liability in the event of a breach.

Over the past few years, cyber insurance policies gained in popularity with the rise in the number of large and highly publicized breaches. This includes educational institutions, which recognize that these policies can help protect against the significant financial and reputational damage caused by a data breach. While insurance companies can cover most of the financial loss, they are not the overall solution to cyber protection. If an institution is found guilty of negligence, failure to exercise due care, or any other offense, the reputational damages could cause more long-term financial loss than the fines. Also, unlike a car insurance policy, cyber insurance policies don’t continue to pay out if an organization continues to be breached, especially if the organization does not take precautionary measures to limit its liability and reduce its vulnerability going forward. Regulatory compliance checks and IT assessments are fundamental parts of keeping an institution safe from legal liability if it is breached. If these functions are carried out frequently and appropriately, the financial loss from a breach will most likely be minimal.

One of the main objectives of the proposed Protecting Student Privacy Act of 2014 is to mandate new data-security safeguards for data held by private companies. State and federal laws are outlining the degree of due diligence required by organizations to keep them from being held accountable if they are breached. Institutions can’t plead ignorance—preventive measures must be taken to limit liability in every type of organization. This means network vulnerability assessments as well as policy and procedure implementation need to be considered in order to prevent data from getting into the wrong hands. Policies for when and with whom to share student information are defined in the proposed Act and need to be communicated to every member of an institution, along with procedures to follow in the event of a breach. Institutions must comply with all applicable state regulations in order to keep from being held accountable.

COMPASS has developed a methodology to assist institutions with developing a customized, cost-effective, and practical approach to cyber security. This approach combines the discipline of project management with the latest cyber-security technology and data-protection best practices. In today’s hyper-connected world, every school is just one data breach away from being a leading story on the news and social media, which can severely damage its reputation and brand. Find out how to protect your institution. Contact COMPASS for your initial IT network security health assessment.
