Feed aggregator

These Minority-Serving Institutions Could Lose Money Under the House Republicans’ New Plan

Chronicle of Higher Education - November 29, 2017 - 4:04pm
Legislation to reauthorize the Higher Education Act would stiffen eligibility requirements for colleges, including historically black colleges, Hispanic-serving institutions, and other minority-serving institutions, to receive funds under Title III and Title V of the law.
Categories: Higher Education News

3 Startling Claims From California’s Lawsuit Against a For-Profit College

Chronicle of Higher Education - November 29, 2017 - 3:44pm
California’s attorney general sued Ashford University on Wednesday, saying it had misled prospective students, among other illegal practices.
Categories: Higher Education News

Far-Right Speaker Is Arrested at U. of Connecticut After Physical Confrontation

Chronicle of Higher Education - November 29, 2017 - 9:56am
Lucian Wintrich was at the university to deliver a speech titled “It’s OK to Be White.” He grabbed a woman after she appeared to take a piece of paper from the lectern where he was speaking.
Categories: Higher Education News

‘Apple-esque’: New Student-Aid Mobile App Earns Oohs and Ahhs

Chronicle of Higher Education - November 29, 2017 - 7:48am
The new app, which the Education Department says will be rolled out in the spring, would allow students to apply for federal financial aid and check their credit score, among other features.
Categories: Higher Education News

'Apple-esque': New Student-Aid Mobile App Earns Oohs and Ahhs

Chronicle of Higher Education - November 29, 2017 - 7:48am
The new app, which the Education Department says will be rolled out in the spring, would allow students to apply for federal financial aid, as well as check their credit score, among other features.
Categories: Higher Education News

House Republicans Eye Sweeping Changes in Higher Education Act

Chronicle of Higher Education - November 29, 2017 - 6:42am
The House education committee is expected to release a bill this week that would reauthorize the federal law governing higher education, and it reportedly includes several significant changes.
Categories: Higher Education News

Is It Finally Time to Simplify the Fafsa? Signs Point to Yes.

Chronicle of Higher Education - November 28, 2017 - 6:41pm
Education Secretary Betsy DeVos announced on Tuesday that the department would roll out a new mobile app to make it easier for students to fill out the Free Application for Federal Student Aid.
Categories: Higher Education News

Why People Really Love/Hate Alumni Interviews

Chronicle of Higher Education - November 28, 2017 - 4:44pm
A recent fiasco involving a Harvard interviewer prompted a wave of contradictory responses. College officials and alumni found the practice meaningful, or a charade; important, or a major risk; something to continue, or to end at once.
Categories: Higher Education News

Why the U. of Maryland Is Hiring a ‘Hate-Bias Response Coordinator’

Chronicle of Higher Education - November 28, 2017 - 4:08pm
Colleges must adapt to a new normal of hate groups’ targeting their campuses, university officials say.
Categories: Higher Education News

Graduate Students Mobilize ‘to Stop Something That Can Ruin Us’

Chronicle of Higher Education - November 28, 2017 - 2:06pm
The students plan to protest the Republican tax proposal, which, as passed by the House of Representatives, would tax their tuition waivers. Higher-education leaders have said such a measure, if enacted, could be catastrophic.
Categories: Higher Education News

Fresh Off Failed ‘Washington Post’ Sting, James O'Keefe Will Speak at SMU

Chronicle of Higher Education - November 28, 2017 - 12:12pm
Project Veritas recently used an undercover employee to try and expose bias at The Washington Post, which sniffed out the effort. The organization's founder will speak on "stopping bias in American media."
Categories: Higher Education News

After Lawsuit Threat and Canceled Speech, Scaramucci Resigns From Tufts Advisory Board

Chronicle of Higher Education - November 28, 2017 - 10:16am
Anthony Scaramucci, who was briefly the White House communications director, threatened to sue a student newspaper writer on Monday. On Tuesday morning he resigned from an advisory board at Tufts University.
Categories: Higher Education News

Have You Experienced Sexual Harassment? Here’s How to Tell Us About It

Chronicle of Higher Education - November 28, 2017 - 9:50am
The Chronicle is devoting more resources to coverage of sexual harassment in higher education, and we’d like to hear from you. Do you have a story to share? Find out how to contact us here.
Categories: Higher Education News

Acceding to Fan Outrage, U. of Tennessee Draws More Critics

Chronicle of Higher Education - November 27, 2017 - 4:04pm
The university scrapped plans to hire Greg Schiano as its next head football coach, marking a rare capitulation to fans who seized on a disputed claim that he had failed to report Jerry Sandusky’s abuses at Penn State.
Categories: Higher Education News

American U. of Beirut Restores Assistantships for Student Protesters

Chronicle of Higher Education - November 27, 2017 - 2:18pm
The positions had been revoked to penalize graduate students who demonstrated against labor conditions.
Categories: Higher Education News

Should Laptops Be Banned in Class? An Op-Ed Fires Up the Debate

Chronicle of Higher Education - November 27, 2017 - 1:11pm
The distraction of technology is a major driver of such bans. But some academics say that technology can be a force for good, or at least that professors have no right to tell students what they can and can’t use in class. An essay in The New York Times prompts renewed discussion.
Categories: Higher Education News

Tufts Postpones Appearance by Anthony Scaramucci After Lawsuit Threat

Chronicle of Higher Education - November 27, 2017 - 10:35am
Two opinion articles in the student newspaper bothered the former White House communications director so much that he threatened legal action.
Categories: Higher Education News

E.U. Regulations that are Enforceable Against U.S. Higher Education Institutions

WCET Frontiers Blog - November 27, 2017 - 8:31am

What do you know about the E.U.’s new General Data Protection Regulation (GDPR)? If you have not read up on this important regulation recently, never fear! Today, Cheryl Dowd, Director of the State Authorization Network, is here to provide background information and the basic components of the GDPR, so you can help your institution review and create processes to be compliant by May 25, 2018.

Thank you, Cheryl!

Enjoy the read,

~Lindsey, WCET

Does your institution or organization process the personal information of a person residing in a European country that is part of the European Union (EU)?

Does your institution have a distance education program for which your institution has been enrolling students residing in EU countries?

Has your institution received admissions from residents, or have alumni or donors in a country that is part of the EU?

Countries in the E.U. Photo credit: http://www.nationsonline.org/oneworld/first.shtml

What about European study abroad programs or research partnerships with residents of EU countries?

Did you say yes to any of these questions? If so, you need to read this to help your institution review and create processes to be compliant with the E.U.’s new General Data Protection Regulation (GDPR) by May 25, 2018.

The GDPR aims to protect E.U. citizens from data breaches. We know, from even a casual observation of the news, that data breaches have occurred and are a significant concern for citizens outside the EU. Do the breaches at Equifax, Anthem, Target, and Yahoo ring a bell?  Higher education institutions are also ripe for breaches! Institutions in the United States and Canada may be able to benefit in our data protection practices by putting the processes in place necessary to comply with EU regulations.

WCET recently became aware of these EU regulations and their direct connection to our US and Canadian institutions and organizations. Our intent is to keep this simple to get you started. We offer you a little history, basic components, debunked myths, and some direction on steps you might take.  Our research is based on four main resources:

History

The EU GDPR website indicates that the E.U. Parliament approved and adopted the regulations in April 2016, after four years of preparation and debate. The enforcement date is set for May 25, 2018.  Noncompliance with the regulations is expected to carry large fines. This regulation replaces the 1995 Data Protection Directive 95/45/EC. The website further explains that the new regulations were created to “protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy.” Lindsay McKenzie from Insider Higher Ed reported in a November 6, 2017 article (E.U. Data Protection Law Looms) that Gian Franco Borio, a lawyer who spoke at a recent Educause session, believes that these new regulations provide a “significant expansion of protection for the personal data of EU residents”. The GDPR will apply to any organization worldwide that processes the personal information of EU residents.

The differences between the new GDPR and the 1995 Data Protection Directive 95/45/EC were reported by Allyssa Provazza in her article, GDPR requirements put end-user data in the spotlight, Computer Weekly.com, November 2, 2017. She indicated that the new regulations mandate that there be tighter requirements and justification for documenting and defining what data an organization processes. Additionally, the new regulations provide more support for the data subject regarding consent by requiring more clarity in language to ensure consent is informed and freely given. Finally, the GDPR was created to have consistent enforcement across all member countries rather than the previous enforcement in each individual EU member state.

Ms. Provazza also suggests that the definition of personal data in Europe is much broader than in the United States. The  GDPR additionally includes identifiers such as:  biometric data, political opinions, health information, sexual orientation, and trade union membership.

Basic Components

Highlights from the EUGDPR website FAQ’s indicate:

  1. Who Does the GDPR Affect? All organizations (including institutions) that offer goods or services or that processes and holds the personal data of subjects residing in the EU, regardless of the location of the organization. The Data Processor and Data Controller will be held responsible.
  2. What Are the Penalties for Non-Compliance? The maximum fine is up to 4% of the annual global turnover for breaching GDPR or €20 million.  I don’t know what 4% of annual global turnover is, but as of today, €20,000,000 equals $23,334,642.23. Note that there is a tiered approach to fines based on the degree of the infraction.
  3. What is Personal Data? The information related to the person that could directly or indirectly identify the person. The examples include: name, email, IP address, photo, bank details, etc.
  4. Definition of Data Processor and Data Controller: The controller is the person/entity that determines the purpose, conditions, and means for processing the personal data. The Processor is the person/entity that processes the personal data on behalf of the controller.
  5. What is Required?
    • Records must be kept in order per the regulations.
    • Breach notification protocols must be observed including notification to the supervising authority and data subject.
    • Consent to obtain personal information must be intelligible and in easily accessible form as well as easy to withdraw consent.
    • A Data Protection Officer (DPO) must be appointed if the organization (institution) is a public authority, organization that engages in large scale systematic monitoring, or organization that engages is large scale processing of sensitive personal data.

 Myths as proposed and debunked by Jimmy Desai in Computer Weekly.com:  GDPR:  Five Myths You will Encounter in your Compliance Journey, June 2017.

  1. It is just about hacking. Desai explains that GDPR also offers data subjects the ability to have easier access to their personal information held by the organization.
  2. It is about avoiding fines. It is posed that GDPR seeks to avoid data breaches and the notifications that would be required. This devastating event of a data breach and required notification could cause loss of large numbers of customers and a debilitating impact on the organization’s reputation and finances. The fines would be a later concern beyond these crippling issues.
  3. It is just an IT problem. This is a common response to cyber or data problems. However, it is suggested in this article that GDPR is actually a cultural change for the organization (institution) to create a team approach of different departments to determine how personal data is used, stored, acquired, passed to others, etc.
  4. GDPR compliance is a job for the IT director. A Data Protection Officer (DPO) will be mandatory for some organizations (institutions). The organization may wish to consider that appointing the IT person as the DPO could be a conflict of interest. The conflict would arise if the IT Director is the person who processes the personal data. That person cannot be responsible for signing off on GDPR compliance regarding the processing of the data.
  5. Compliance can be achieved quickly. The team effort required to evaluate how the organization (institution) processes data will be time consuming and complicated with the variety of team players. Mr. Desai suggests that this work should include departments such as marketing, IT, finance, HR, and Legal. For higher education institutions, there will be the need to also include staff from the advising and academic departments.
Direction for Institutions and Organizations

Computer Weekly.com has published many articles and a one-page infographic explaining the GDPR. The infographic (GDPR:  The State of Play)  offers the seven projects that are to be implemented to comply with the regulations. An important aspect for colleges and universities to note is the statement in the bottom left corner of the infographic referring to organizations that are outside of the E.U.

The Information Commissioner’s Office (ICO), the agency responsible for enforcing GDPR in the UK developed a 12-step check list to prepare for compliance of the GDPR.  Institutions may find direction by putting processes in place based on these 12 steps. In a May 2017 ComputerWeekly.com article, Jim Mortleman provided a summary of the ICO 12 steps in his article, GDPR:  a quick start guide.

WCET began reporting on cybersecurity earlier in 2017. In February 2017, we offered our first Frontiers blog post, Words can be intimidating: Cybersecurity and Our Role in Higher Education, to introduce the topic area and to engage our institutional members to understand that data and infrastructure protection from breaches is just as important for our institutions as it is in the rest of the business world. Note that regrettable breaches have infiltrated major companies such as Equifax and Target.  A follow up article in April 2017, Data Privacy for Institutes of Higher Education (IHE), described recent data breaches in higher education to alert our readers that attackers target IHEs due to the institutions possessing vast amounts of computing power and education’s competing desire to provide open access to resources. Both articles echo the philosophy and goals of the GDPR for institutions and organizations to create comprehensive cybersecurity systems to protect our students, faculty, staff, and donors who entrust the institution and organization with their personal information.

Perhaps these new regulations in the EU will cause our college and university leaders to take notice and embrace a change in culture to create collaborative efforts to address data security. The result would be a comprehensive data protection plan that not only meet the expectations required by the European Union, but also better protect personal information in their care.

Stay tuned as WCET will share more about the GDPR and U.S. data protection guidance and processes as we learn about them! Meanwhile, share this information across your institution!

 

Cheryl Dowd
Director, State Authorization Network
WCET

 


How A Dean Got Over Impostor Syndrome — and Thinks You Can, Too

Chronicle of Higher Education - November 26, 2017 - 4:30pm
Valerie Ashby suffered from impostor syndrome until she identified the phenomenon and spent a year practicing 10 steps to overcome it.
Categories: Higher Education News

Preparing for a Meaningful Winter Break

Chronicle of Higher Education - November 26, 2017 - 4:30pm
These experiences are short. Making the most of them requires careful planning.
Categories: Higher Education News

Pages

Subscribe to Western Interstate Commission for Higher Education aggregator