On October 1, Maryland implemented a new privacy law for higher education institutions that requires an enhancement of student data protection measures. Officially known as the Maryland Code Title 10, Subtitle 13A, this legislation includes specific requirements aimed at ensuring the responsible management of sensitive data.
A Model for Other States
Although this law is unique to Maryland, it may serve as a model for other states considering similar regulations. Many of the privacy and cybersecurity standards included in the Maryland law align with established best practices that could eventually lead to nationwide mandates. Title IV universities already adhere to federal data privacy laws such as the Gramm-Leach-Bliley Act (GLBA) and the Family Educational Rights and Privacy Act (FERPA), which are prerequisites for federal funding. The recent increase in cyberattacks targeting higher education institutions has prompted a growing number of states to enact their own privacy laws.
Privacy Governance and Risk Management
The Maryland law requires institutions to develop privacy governance and risk management programs to comply with these new data privacy regulations, ensuring the protection of sensitive information. Regular third-party evaluations of these programs will assist institutions in keeping in step with evolving privacy standards.
Clear Communication of Data Rights
Moreover, universities are required to display clear privacy notices on their websites to inform students and their families about data rights. The legislation also establishes a process for individuals to access their personally identifiable information (PII) and request corrections while limiting the collection of unnecessary data.
Vendor Compliance and Data Protection
To protect sensitive information, institutions must incorporate specific language into contracts with third-party vendors, mandating compliance with privacy governance policies and establishing reasonable security controls for data protection.
Future Recommendations
As Maryland’s institutions begin to adjust to these new requirements, experts recommend that universities nationwide adopt proactive measures to bolster their security protocols in anticipation of similar regulations at both the state and federal levels in the near future.
Source: EdTech Magazine