FTC Postpones Compliance Deadline for Certain Safeguards Rule Provisions Applicable to Title IV Institutions of Higher Education

Update Ed

Jessica S. High
November 17, 2022
Last year, the Federal Trade Commission (FTC) amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). The comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher education. In response to reports of personnel shortages and supply chain issues, on November 15, 2022, the FTC announced that it has extended the compliance deadline by six months (to June 9, 2023) for provisions of the rule that were originally to become effective on December 9, 2022. 
The GLBA is a federal law enforced by the FTC. It governs financial institutions regarding their use and collection of customer personally identifiable information. The specific cybersecurity requirements of the GLBA are set forth in the Safeguards Rule. The U.S. Department of Educationvia the Program Participation Agreement, several Dear Colleague Letters, the FSA Handbook and the audit guidehas made it clear that Title IV schools are considered financial institutions and subject to the legal obligations to protect student information required under the GLBA. As such, Title IV schools must meet these strengthened security requirements to better protect consumer (student) financial information.