Title IX Final Rule Released

Today, after more than a year of anticipation, the U.S. Department of Education published the Title IX Final Rule, which prohibits discrimination on the basis of sex in education programs or activities receiving Federal financial assistance. This Final Rule takes effect on August 1, 2024, amending the current regulations which went into effect in August 2020. The robust 1577 page Final Rule clarifies the scope and application of Title IX and the obligations of institutions that receive Federal financial assistance from the Department.

The Final Rule will have significant compliance implications for Title IV institutions. Schools will be required to change policies and procedures implementing the regulations. Schools will also need to train all employees in their new reporting obligations under the rule. Of particular note, the Final Rule changes how and when school employees must take action when they learn of conduct that may constitute sex discrimination under the law.  Currently, the law allows schools to designate specific employees who must take action.  This Final Rule significantly broadens this to a larger group of employees. Continue reading “Title IX Final Rule Released”

New California Laws Regarding Non-Compete Agreements

Non-compete agreements are unenforceable in California unless given in connection with the sale of a business, sale of equity in a business or dissolution of a partnership or LLC.  Effective January 1, 2024, Business and Professions Code 16600 has been amended (and section 16600.1 has been added) to make clear that these provisions are unenforceable and require businesses to notify current and former employees.

Business and Professions Code 16600 has been amended to make clear that it is impermissible to include non-compete provisions in any employment agreement or to attempt to enforce them. Business and Professions Code section 16600.1 has been added requiring an employer that has included these restrictions in employment agreements in the past to notify the employees or former employees in writing that these restrictive covenants will not be enforced.  This is an affirmative obligation, and the notification must be individually addressed and sent by February 14, 2024.

Persons who need to be notified are current and former employees who have or had an agreement with the company that contained impermissible noncompete or nonsolicit restrictions, and who worked for the company for any period of time after January 1, 2022.

A failure to send the notice is declared in 16600.1 to be an act of unfair competition.

Please see the Duane Morris Client Alert for additional details.

2023 Fiscal Audits Will Include More Detailed Data Security Compliance Requirements

If you are a Title IV institution, compliance with the revised Safeguards Rule and implementation of the data security controls set forth in the revised Rule is now a required segment of your annual financial audit.

The Federal Trade Commission’s (FTC) amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) became effective on June 9, 2023. The comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher education. The U.S. Department of Education has increased enforcement authority by requiring auditors to verify an institution’s compliance with components of the Safeguard Rule.

In March, the U.S. Department updated the Guide for Financial Statement Audits of Propriety Schools and For Compliance Attestation Examination Engagements of Proprietary Schools and Third-Party Servicers Administering Title IV Programs (“Audit Guide”). The Audit Guide is effective for fiscal years beginning on or after January 1, 2023, and will be in place for all audits conducted in 2024 and beyond.

The Audit Guide reinforces that Title IV institutions must adhere to the strict cybersecurity requirements set forth in the Safeguards Rule including a requirement to “develop, implement, and maintain a written, comprehensive information security program.” The objective is to “Determine whether the school designated an individual to oversee, implement, and enforce the school’s information security program and whether the school’s written information security program addresses six additional required elements.”

In addition to verifying that the institution has designated a qualified individual, the auditor must also verify:

1.     The information security program is based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks;

2.     Design and implementation of eight safeguards set forth in the regulation to control the risks the school or servicer identifies through its risk assessment;

3.     Regular testing or otherwise monitoring the effectiveness of the safeguards implemented;

4.     Implementation of policies and procedures to ensure that personnel are able to enact the information security program;

5.     How the school or servicer will oversee its information system service providers; and

6.     The evaluation and adjustment of an institution’s information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the information security program.

An institution’s failure to implement an information security program with the required elements by June 9, 2023 (the effective date of the Safeguards Rule) may result in an audit finding. If an institution has not implemented an information security program with the required elements by December 31, 2023, the institution will receive an audit finding and must submit a Corrective Action Plan (“CAP”). Moreover, FSA’s Cybersecurity Team and the Federal Trade Commission (FTC) will be informed of the audit findings regarding the Safeguards Rule and may request additional information to assess the level of risk to student data.

In an Electronic Announcement issued in February 2023 regarding cybersecurity compliance, the Department stated that a finding of non-compliance will be resolved as part of the Department’s determination of an institution’s administrative capability. Additionally, repeated non-compliance may result in administrative action impacting Title IV participation.

Student Arbitration Agreements

By Edward Cramp and Jessica S. High

July 1 is quickly approaching for institutions that require students to sign pre-dispute arbitration agreements.  The new Borrower Defense to Repayment (BDR) regulation goes into effect on July 1. Among other things, it prohibits Title IV institutions from requiring students to sign mandatory pre-dispute arbitration agreements covering BDR claims.

Institutions can continue to use arbitration agreements for non-BDR claims. Institutions should review current arbitration agreements to ensure they comply with the new regulation.  Additionally, institutions must provide notice (with prescribed language) to students who previously signed a pre-dispute arbitration agreement that does not comply with the new regulations. The notice must be provided no later than exit counseling or the date on which the school files its initial response to a demand for arbitration or service of a complaint, whichever is earlier.

Compliant arbitration agreements and notices must be implemented by July 1. Some arbitration administrators, such as the American Arbitration Association, required consumer arbitration agreements to be registered with the agency.  Such administrators may decline to administer an arbitration if the college or business does not comply with the registration requirement. Institutions should review their arbitration administrator’s rules to see if this is required.

Finally, litigation is pending in the case of CCST v. Cardoza, which may impact whether the new BDR regulation goes into effect as scheduled.  Institutions should be on the watch for updates in the event that the court issues a ruling that impacts the implementation of the new rule.

If you have any questions about this blog post, please contact Edward Cramp, Jessica High, any of the attorneys in our Higher Education Group or the attorney in the firm with whom you are regularly in contact.

New Title IX NPRM

On April 6, 2023, the U.S. Deptartment of Education released a new Notice of Proposed Rulemaking (“NPRM”) on Title IX.  This NPRM focuses on the application of Title IX to gender in student sports.

The current Title IX rule (last amended in 2020 under the Trump Administration) does not expressly address the criteria a school should use to determine eligibility to participate on a male or female athletic team. This NPRM proposes to change that and “would establish that policies violate Title IX when they categorically ban transgender students from participating on sports teams consistent with their gender identity.” However, in the NPRM, the Department states that it recognizes that in some instances, “particularly in competitive high school and college athletic environments, some schools may adopt policies that limit transgender students’ participation.” Through the proposed rule, the Department is attempting to provide schools with a “framework for developing eligibility criteria to protect students from being denied equal athletic opportunity, while giving schools the flexibility to develop their own participation policies.” 

Under the proposed framework, a one-size-fits-all policy banning transgender students from participating in athletics consistent with their gender identity is prohibited. The proposed regulation would be in the Title IX regulations at section 106.41(b)(2): 

“If a recipient adopts or applies sex-related criteria that would limit or deny a student’s eligibility to participate on a male or female team consistent with their gender identity, such criteria must, for each sport, level of competition, and grade or education level: (i) be substantially related to the achievement of an important educational objective, and (ii) minimize harms to students whose opportunity to participate on a male or female team consistent with their gender identity would be limited or denied.”

This NPRM will be open for public comment for 30 days from publication in the Federal Register and we expect comments to be strongly divided. Once the comment period closes, the Department will review the comments received and will either proceed with the rule as proposed, issue a new modified proposal or withdraw the proposal. 

New CA Bill for Student Proctoring

Student Test Taker Privacy Protection Act (SB-1172), limits the collection of personal data by proctoring services. The pandemic created a surge of online-proctoring services which utilize various types of personal information, such as a driver’s license, other identification and/or biometric data, to verify a student’s identity during a proctored exam. SB-1172 seeks to establish data protections for the online test taker. The Act prohibits a proctoring service from collecting, retaining, using, or disclosing personal information except to the extent necessary to provide the proctoring services. 

Most higher education institutions use outside proctoring services (such as Proctorio, ProctorU, Exmanity and ExamSoft) to administer proctored online exams so the institutions would be directly responsible for regulating the information collected. However, higher education institutions should take steps to ensure that the proctoring services utilized adhere to the bill’s restrictions. Current proctoring service contracts should be analyzed and likely amended to at a minimum include that the service provider will not collect, retain, use or disclose student personal information except to the extent necessary to provide the proctoring services.   

FTC Postpones Compliance Deadline for Certain Safeguards Rule Provisions Applicable to Title IV Institutions of Higher Education

Last year, the Federal Trade Commission (FTC) amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). The comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher education. In response to reports of personnel shortages and supply chain issues, on November 15, 2022, the FTC announced that it has extended the compliance deadline by six months (to June 9, 2023) for provisions of the rule that were originally to become effective on December 9, 2022. 

The GLBA is a federal law enforced by the FTC. It governs financial institutions regarding their use and collection of customer personally identifiable information. The specific cybersecurity requirements of the GLBA are set forth in the Safeguards Rule. The U.S. Department of Educationvia the Program Participation Agreement, several Dear Colleague Letters, the FSA Handbook and the audit guidehas made it clear that Title IV schools are considered financial institutions and subject to the legal obligations to protect student information required under the GLBA. As such, Title IV schools must meet these strengthened security requirements to better protect consumer (student) financial information.

To view details about what Safeguards Rule provisions are included in the extension, please see our Alert. 

These requirements are not policies and procedures that can be implemented overnight. Considering the shortage of qualified personnel to implement information security programs and the various supply chain issues, schools may need every bit of those six months to develop an information security program that meets the rule’s comprehensive requirements. Schools should work with legal counsel and an information security professional to draft or revise a comprehensive cybersecurity program to protect student records and ensure compliance with the updated Safeguards Rule.

U.S. Department of Education Releases Proposed Title IX Rewrite

On June 23, 2022, the 50th Anniversary of the Title IX statute, the U.S. Department of Education released the Notice of Proposed Rulemaking (“NPRM”) for the Title IX rule. The proposed rule is expected to be published in the Federal Register on June 27, 2022. Following publication, interested parties will have 60 days to submit public comment. 

First, the Department proposed to amend Title IX regulations to:
Require recipients to adopt grievance procedures that provide for the prompt and equitable resolution of complaints of sex discrimination and take other necessary steps to provide an educational environment free from sex discrimination;
Clarify the Department’s view of the scope of Title IX’s prohibition on sex discrimination, including related to a hostile environment under the recipient’s education program or activity, as well as discrimination on the basis of sex stereotypes, sex characteristics, pregnancy or related conditions, sexual orientation, and gender identity; and
Clarify a recipient’s obligations to students and employees who are pregnant or experiencing pregnancy-related conditions.

With regard to sex-based harassment, the proposed regulations would:
Define sex-based harassment to include but not be limited to sexual harassment;
Provide and clarify, as appropriate, definitions of various terms related to a recipient’s obligations to address sex discrimination, including sex-based harassment;
Clarify how a recipient is required to take action to end any sex discrimination that has occurred in its education program or activity, prevent its recurrence, and remedy its effects; and
Clarify a recipient’s obligations related to the grievance procedures and other necessary steps when it receives a complaint of sex discrimination. 

With regard to discrimination against individuals who are pregnant or parenting, the proposed regulations would:
Define the term “pregnancy or related conditions” and the term “parental status,” and prohibit discrimination against students and applicants for admission or employment on the basis of current, potential, or past pregnancy or related conditions; and
Clarify a recipient’s obligations to students and employees who are pregnant or experiencing related conditions. 

In addition, the proposed regulations would:
Articulate the Department’s understanding that sex discrimination includes discrimination on the basis of sex stereotypes, sex characteristics, pregnancy or related conditions, sexual orientation, and gender identity;
Clarify and streamline administrative requirements with respect to designating a Title IX Coordinator, disseminating a nondiscrimination notice, adopting grievance procedures, and recordkeeping;
Specify that a recipient must train a range of relevant persons on the recipient’s obligations under Title IX;
Clarify that, unless otherwise provided by Title IX or the regulations, a recipient must not carry out any otherwise permissible different treatment or separation on the basis of sex in a way that would cause more than de minimis harm, including by adopting a policy or engaging in a practice that prevents a person from participating in an education program or activity consistent with their gender identity; and
Clarify a recipient’s obligation to address retaliation.

Duane Morris is in the process of reviewing the proposed rule in detail and will prepare bullet points and a full summary in the coming days.

Court Ruling Impact on Title IX Regulations

On July 28, 2021, a federal district court in Massachusetts issued a decision in Victim Rights Law Center et al. v. Cardona, No. 1:20-cv-11104, 2021 WL 3185743 (D. Mass. July 28, 2021).  This case was brought by organizations and individuals challenging the 2020 amendments to the Title IX regulations.

Most of the amendments plaintiffs challenged were upheld by the Court. However, the Court determined that one part of 34 C.F.R. § 106.45(b)(6)(i) (live hearing requirement at postsecondary institutions) was arbitrary and capricious. Therefore, the Court vacated the part of the provision that prohibits a decision-maker from relying on statements not subject to cross-examination at the live hearing.

On August 24, 2021, the Department issued guidance stating that it would immediately cease enforcement of 34 C.F.R. § 106.45(b)(6)(i) regarding the prohibition against statements not subject to cross-examination.  The Department’s non-enforcement position allows for decision-makers at postsecondary institutions to now consider statements made by the parties and witnesses during the investigation regardless of whether they submit to cross-examination at the live hearing. Institutions may now consider emails or text exchanges between the parties leading up to the alleged sexual harassment and statements about the alleged sexual harassment that satisfy the regulation’s relevance rules without submitting to cross-examination. A decision-maker at a postsecondary institution may also consider police reports, Sexual Assault Nurse Examiner documents, medical reports, and other documents even if those documents contain statements of a party or witness who is not cross-examined at the live hearing.

The Department’s resources will be updated to reflect the Court’s decision.

New Title IX Guidance Released

On July 20, 2021, the Department of Education (through the Office of Civil Rights “OCR”), unveiled new guidance to help schools understand their obligations under the Betsy DeVos-era Title IX rule. The rule, which went into effect on August 14, 2020, is currently undergoing a comprehensive review based on the Executive Order issued by President Biden on April 6, 2021. 

The 67-page Q&A is divided into 17 sections and provides guidance on a variety of topics covered by the 2020 Title IX amendments, focusing on language within the preamble. The guidance also includes an appendix with sample language schools can utilize (but are not required to) in creating a Title IX policy.  Continue reading “New Title IX Guidance Released”

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress