Duane Morris was a sponsor of the 2020 ASU GSV summit. Several of our attorneys presented at this year’s virtual conference. Below are replays from select sessions.
Ed Tech Policy Session | September 29, 2020
Consumers of education services – students of all ages and the entities that serve them – are hungry for dramatic changes in the education landscape that will deliver increased access, equity, affordability, quality and workforce relevance. Ed Tech has begun to deliver on those needs in extraordinary ways, and the potential is untapped. However, innovation in the market has outpaced how existing regulations and policy govern education as a service. This session will: (1) review friction points our lawyers have observed between Ed Tech models and the current state, federal and accreditor regulatory regimes that apply to educational businesses and educational institutions (and how to spot, anticipate and plan for them), (2) report on recent changes in federal law and policy to promote and foster innovation (including the U.S. Department of Education’s new Distance Education and Innovation Final Rule and increased accreditor flexibilities) and (3) discuss threats and opportunities that may arise from the next Congress and Administration, and how Ed Tech stakeholders can help shape education policy.
The Department of Education issued a security alert stating that multiple schools have reported that they have suffered ransomware attacks. Ransomware is a type of malware that uses encryption to block access to a computer system unless a ransom is paid. Ransomware is commonly embedded in email attachments that infect a computer when opened. However, the Department of Education states that phishing attacks have been the primary method used in these reported cases, where the attackers used phishing schemes to gain access to account credentials and then used those credentials to install the ransomware.
The Department of Education recommends that schools implement the following cybersecurity practices to protect against such attacks:
Establish a data backup process, ensure the backups are available and accessible, and store the backups offline
Implement multi-factor authentication to mitigate account compromises
Regularly patch hardware and software
Continuously monitor institutional network to detect unauthorized access and malware
Create and update your Incident Response Plan
Ensure training resources emphasize phishing, as it is frequently the compromising entry point for cyber attacks
The Department also reminds schools that ransomware attacks should be reported immediately to the FSA security team.
On February 10, 2020, California’s Office of the Attorney General proposed a modified version of the California Consumer Privacy Act (CCPA) regulations first published on October 11, 2019. The initial proposed regulations were summarized in our previous Alert.
The California Consumer Privacy Act of 2018 Webinar Series will be hosting its third installment, “How the CCPA Impacts the Higher Education Industry,” to be held on September 5, 2019. The webinar will be presented by Duane Morris attorneys Brandi A. Taylor and Michelle Hon Donovan.
This session provides an overview of the new law and how it applies to schools and companies in the education sector. Nonprofit educational institutions are exempt from the new law. However, it will apply to any for-profit education institutions, service providers and technology companies that collect any information on California residents and meet any of the following criteria:
Have an annual gross revenue of $25 million or more;
Collect, sell or share for commercial purposes the personal information of at least 50,000 consumers, households or devices annually; or
Derive at least 50 percent of annual revenue from selling consumers’ personal information.