Safeguards Rule additional requirements proposal tomorrow

[Jarret Cummings <jcummings () EDUCAUSE EDU>]

Last Friday, I posted to the EDUCAUSE Review Policy Spotlight about a raft of new requirements that the Federal Trade 
Commission (FTC) is proposing to add to its Safeguards Rule - that is, a raft of new information security provisions 
that most colleges and universities would have to follow 
(https://er.educause.edu/blogs/2019/3/ftc-announces-proposed-changes-to-the-safeguards-rule).

The 60-day comment period for the FTC's notice of proposed rule-making on this hasn't yet started, since the notice 
isn't official until it's published in the Federal Register. That changes tomorrow, April 4th, however, given the 
Federal Register announcement that it will publish the notice then 
(https://www.federalregister.gov/documents/2019/04/04/2019-04981/standards-for-safeguarding-customer-information). That 
will put the deadline for comments in the first week of June.

EDUCAUSE plans to work with members to submit comments on behalf of the community. In the meantime, though, I urge you 
to review the proposed requirements and consider their implications for your institution's information security and IT 
operations in case the FTC sticks with its proposed six-month deadline for compliance from the date the final 
regulations are published. It's possible that could happen later this year, which would make the compliance deadline 
sometime in spring or summer of 2020. - Jarret Cummings

_______________________________________________
Jarret S. Cummings
Senior Advisor, Policy and Government Relations

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5372 | educause.edu<http://www.educause.edu/>