AAU, together with nine other higher education associations, submitted comments to the Federal Trade Commission regarding the agency’s Notice of Proposed Rulemaking, titled “Standards for Safeguarding Customer Information.” The letter expresses concern about the FTC’s deviation “from its long-standing, flexible approach to information security program development and implementation.” The organizations emphasize that although colleges and universities may technically be considered “financial institutions” under the Safeguards Rule, we are fundamentally academic entities. Accordingly, our academic mission – and assessment of risk in relation to that mission – must be the basis of our information security programs, not rigid compliance with a rule that may not be appropriate to the size and complexity of our institutions, much less to the nature and scope of the activities that cause us to be covered by the rule. The comments offer a number of specific recommendations related to the proposed rule’s individual provisions.