AAU joined 12 other higher education associations in submitting comments to the Federal Trade Commission regarding its notice of proposed rulemaking concerning “Standards for Safeguarding Customer Information.” The comments specifically address FTC’s proposal to require covered entities, including colleges and universities, to report certain types of “security events” involving misuse or breach of customer information.
The comment letter expresses appreciation for the commission’s “willingness to consider how best to balance its information needs with the burden that meeting those needs might impose on covered entities.” However, the letter asks the FTC to delay the public release of any reports submitted under the proposed requirement by one year; to modify its proposal to enable covered entities to delay reporting, if needed, to support law enforcement investigations; and to slightly adjust the timing of reporting. Finally, the letter asks the FTC to state clearly that events involving encrypted information are exempt from reporting unless it is determined that the encryption has been compromised.