This year has been a busy year for education law in the area of data privacy. Educational institutions continue to be a rich target for hackers. Additionally, there were some important developments in the interpretation of Family Educational Rights and Privacy Act (FERPA) and the Telephone Consumer Protection Act (TCPA) as it applies to educational institutions.

  • In December, DeVry University Settled with the FTC for $100 million over allegations that it misled prospective students with ads that promised higher employment success and income upon graduation.
  • Also in December, UMass Amherst settled with the Office for Civil Rights (OCR) for $650,000 for HIPAA violations related to a malware infection that led to the release of names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses, and procedure codes.
  • In November, a hacker gained access to 1,213 records of applicants to the University of Wisconsin Law School.
  • On September 14, 2016, the Department of Education (DOE) issued a “Dear Colleague Letter” providing guidance on the application of FERPA to the disclosure of student medical records in the context of litigation.


Continue Reading Top Ten Education Developments, Breaches, and Settlements of 2016

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a Corrective Action Plan. Although $650,000 is a hefty sum for the allegations, the OCR in its announcement said it