EDUCAUSE Comments: FSA Breach Notification/Information Security Reporting Requirements

Abstract

EDUCAUSE submitted a letter to Federal Student Aid (FSA), an office of the U.S. Department of Education, expressing concern about its recent compliance actions in relation to data breach notification and information security program reporting. The letter stresses the interest of the EDUCAUSE community in working with FSA to advance the security and integrity of federal student financial aid data. It argues, however, that doing so requires a shared, consensus-based understanding of the basis and scope of FSA authority in this area, as well as collaboratively developed, official guidance, processes, and supporting resources. The letter also asks FSA to reevaluate and revise its compliance approach pending the outcome of the proposed collaborative efforts, given that the current approach may be counter-productive both in principle and practice.

Download Resources