Compliance in Education: Why is it So Complex?

Compliance means a lot of different things to academic institutions. These organizations must comply with countless regulations, standards, and laws affecting all aspects of their operations.

Schools’ compliance requirements have grown more complex since education entered the digital age. Providing access to tools like software, eBooks, and cloud-based systems creates a myriad of new compliance-related concerns for academic IT teams.

To understand why compliance is so complicated in the digital age, let’s look some of the many compliance concerns institutions need to juggle.

Privacy Laws

Privacy has been a huge concern at colleges and universities since education began to go digital. It’s been a fixture on EDUCAUSE’s annual list of top academic IT priorities since 2018.

For many institutions, this is partially a response to growing legal pressure. From the GDPR in the EU to the CCPA in California, strict new privacy laws are proliferating around the world. These laws reflect an accelerating trend in which organizations are held responsible for safeguarding the private data of their end users – and can face harsh penalties if they don’t.

Meanwhile, the digitization of education is making it harder for institutions to keep data secure. A rash of high-profile data breaches have demonstrated that schools are vulnerable (and popular) cyberattack targets. To avoid these breaches, even schools that aren’t governed by the GDPR or CCPA need to comply with strict data-security standards.

This makes it critical for school IT leaders to invest in secure systems that incorporate privacy by design and comply with applicable privacy requirements. The costs of noncompliance can be severe, whether in the form of a GDPR fine or a ransomware attack.

Accessibility Standards

As with compliance in general, accessibility means many things to academic institutions. Let’s focus on areas in which the digital age has complicated compliance with accessibility standards.

First: as more school services and course resources move online, schools need to ensure that their digital infrastructure is as accessible as their physical infrastructure. This means ensuring that all websites and systems used by students, staff, and faculty adhere to the Web Content Accessibility Guidelines (WCAG) as well as any applicable laws (e.g. the ADA in the US).

Second: as reported by Higher Ed Dive, schools are starting to concern themselves not just with physical accessibility but with financial accessibility. COVID-19 has brought this issue to the forefront. Since transitioning to remote learning, many schools have struggled with the question of how to serve students in remote and low-income areas, who may lack home internet access.

The second issue isn’t technically a compliance concern yet, as there are no laws or standards governing internet accessibility in education. But since remote learning isn’t going away, schools will eventually need to develop policies to address this aspect of accessibility.

Licensing Terms and Conditions

Schools also have to ensure compliance with all terms and conditions associated with the various digital resources they license. Given the sheer volume of software used in higher education, this is a daunting task.

Institutions often license software exclusively for specific users, such as faculty or students from select departments or courses. Every course transfer can potentially affect what software and eBooks a student is eligible for. Some software is licensed for home use; some can only be installed on campus computers. These are just some the licensing rules that can apply to academic digital resources.

Ensuring compliance with all these terms and conditions is a major burden for IT teams. They have to devote resources to deprovisioning access to software as students lose eligibility. They need a means of communicating terms to end users and prompting them to accept. This becomes even more challenging in remote-learning and BYOD scenarios, as IT needs to ensure compliance on non-campus devices.

*  *  *

Between the needs to safeguard private data, meet accessibility standards, and enforce a web of licensing conditions, school IT teams have their work cut out when it comes to ensuring compliance. And as digital tools, online learning, and new laws proliferate, this responsibility will only grow more complex.

There are steps institutions can take to manage compliance-related risks. Incorporate privacy by design into all school systems, and only work with partners who do the same. Consult the Higher Education Community Vendor Assessment Toolkit (HECVAT) to vet all vendors. Use single sign-on (SSO) authentication to restrict access to software. Finally, consider a centralized approach to managing licenses, as centralization improves visibility into who’s accessing licensed software.