Jonathan Tarnow and Katherine Armstrong Co-Author Private Postsecondary Schools and Data Privacy – It Is So Much More Than FERPA

Jonathan Tarnow, Washington, D.C., partner focusing on education law, and Katherine Armstrong, Washington, D.C., counsel for data privacy and security matters, co-authored an article that published in October 2019 for Career Education Review. They examine the current landscape of big data within organizations and the fragmented and decentralized regulatory ecosystem that governs it. The article goes on to summarize and analyze privacy and data security laws that most frequently impact U.S. postsecondary education institutions, including FERPA (enacted in 1974); HIPAA (enacted in 1996); GLBA (enacted in 1999); TCPA (enacted in 1991); FCRA (enacted in 1970); New York Cybersecurity Regulations (2017); GDPR (enacted 2018); and CCPA (effective January 1, 2020). Read the article to better understand each legal regime and gain a general understanding of how to develop a data privacy and security compliance program.