The Compliance Center provides information on federal laws and regulations pertaining to the work of NACAC members. Click on any of the issues below to find out more information. For more information on the US Department of Education’s Program Integrity regulations, please review the Program Integrity Information Q&A.
The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act requires all postsecondary institutions receiving federal aid to publish and distribute Annual Security Reports (ASRs) by October 1 each year that include specific campus crime statistics and policies. In addition to making the data available to current students and employees, colleges and universities must submit crime statistics to the U.S. Department of Education and notify prospective students and employees that the report is available, along with a description of the contents and the opportunity to request a copy.
Official language regarding prospective students:
“…the institution must provide a notice to prospective students and prospective employees that includes a statement of the report’s availability, a description of its contents, and an opportunity to request a copy. An institution must provide its annual security report and annual fire safety report, upon request, to a prospective student or prospective employee. If the institution chooses to provide either its annual security report or annual fire safety report to prospective students and prospective employees by posting the disclosure on an Internet Web site, the notice described in this paragraph must include the exact electronic address at which the report is posted, a brief description of the report, and a statement that the institution will provide a paper copy of the report upon request.”
In 2013, Congress reauthorized the Violence Against Women Act (VAWA) (Public Law 113-4), which among other things amended the Clery Act to require institutions to include statistics on domestic violence, dating violence, sexual assault, and stalking in their ASRs, as well as include plans for certain policies and procedures around the issue. After concluding negotiated rulemaking on the issue in the Spring of 2014, the U.S. Department of Education published final rules October 20, 2014. As stated in guidance from the Department, institutions were asked to make a good-faith effort to comply with the statutory provisions by October 1, 2014, while final regulations will become effective July 1, 2015.
Coronavirus Clery Requirements
According to guidance from the Department of Education, institutions are not required to give regular, on-going updates on COVID-19 or to proactively identify positive COVID-19 cases within the campus community.
An institution may satisfy the emergency notification requirements of the Clery Act and § 668.46 as follows: (1) provide students and employees a single notification through the regular means of communicating emergency notifications informing them about COVID-19 and necessary health and safety precautions, as well as encouraging them to obtain information from health care providers, state health authorities, and the CDC’s COVID-19 website; or (2) create a banner at the top of the institution’s homepage containing that same information, including a statement about the global pandemic and a link to the CDC’s website.
Helpful Guidance for Admission Offices in Complying with the Clery Act
- The U.S. Department of Education compiled a list of suggested resources to help support the sharing of resources postsecondary institutions may use to inform and tailor their campus sexual assault training and prevention efforts.
- The White House Task Force to Protect Students from Sexual Assault released its first report in April 2014 and continues to update guidance and model policies for schools to use in working to comply with the Clery Act.
- The Clery Center for Security On Campus assists colleges and universities in Clery Act compliance. The website includes resources that can aid institutions as they work to meet the campus safety and security requirements.
- U.S. Department of Education Campus Security webpage. This resource includes links to the Handbook for Campus Safety and Security Reporting, training resources, information on the statute, regulations, and data on campus crime.
- The Higher Education Compliance Alliance resource also includes a wealth of information on the Clery Act within its’ campus safety webpage.
- Occasionally in response to complaints, media incidents, or internal audits, the U.S. Department of Education conducts reviews to determine if institutions are in compliance with the Clery Act requirements. On this page you can access these reports (by year or by school), as well as, accompanying documentation which may include the complaint, school response, or fine action that resulted from the program review.
In April 2016, the European Parliament and European Council approved the General Data Protection Regulation (GDPR); the rule took effect beginning May 25, 2018. Intended to strengthen and unify data protection across the European Union (EU), GDPR includes specific provisions for the handling of personal data exported outside the EU, imposes heavier sanctions for noncompliance, and more.
Any institution that processes and/or maintains data of students or citizens of the EU is subject to these regulations. It is critical for institutions to document what personal data is held by the institution, how and why the information is collected, who has access, and when it will be deleted.
Institutions must be able to demonstrate compliance with the following six principles:
- Lawfulness, fairness, and transparency in the processing of personal data.
- Purpose limitation. Personal data obtained for specified, explicit, and legitimate purposes and not further processed in a manner that is compatible with those purposes.
- Data minimization. Data processed is adequate, relevant, and limited to what is necessary.
- Accuracy. Personal data is accurate and, where necessary, kept up to date.
- Storage limitation. Personal data is not kept longer than necessary. However, data aggregated for archiving and research purposes can be kept longer, always subject to safeguards.
- Integrity and confidentiality. Adequate technical and organizational measures must be in place to guard against unauthorized or unlawful processing, laws, damage, or destruction.
In order to ensure compliance, institutions are encouraged to:
- Consult your institution’s legal team.
- Maintain all records and documentation of implementation strategies.
- Conduct an audit of what personal data the institution maintains, how it is used, and to whom it is disclosed.
- Use the results of your audit to identify which services may present most risk and focus on mitigating those.
- Review and update student and staff privacy notices to reflect the new transparency requirements of the GDPR.
- Assemble training materials to raise staff awareness of compliance requirements.
For additional information visit:
- American Association of Collegiate Registrars and Admissions Officers (AACRAO), EU GDPR Guidance Resources
- Implications of the General Data Protection Regulation: An Interassociation Guide, developed by AACRAO and others
- EDUCAUSE, The General Data Protection Regulation Explained
- Jisc, Data protection guidance
- Jisc, Preparing for the General Data Protection Regulation (GDPR) for higher education institutions
- Information Commissioner’s Office, Preparing for the General Data Protection (GDPR)
- EU GDPR, GDPR Portal
The Family Educational Rights and Privacy Act (FERPA) of 1974 is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended and the right to have some control over the disclosure of personally identifiable information from the education records. When a student turns 18 years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student (“eligible student”). Regulations for FERPA were amended, effective in January 2012.
The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) is a one-stop website for guidance, tools, and best practices on data privacy, security and confidentiality of student records, including FERPA compliance.
Also, see the Department’s Family Policy Compliance Office (FPCO), which provides parents, eligible students, and school officials at the elementary, secondary, and postsecondary levels with a variety of resources and information regarding FERPA and the Pupil Rights Amendment (PPA).
- Guidance: Technical Assistance on Student Privacy for State and Local Educational Agencies When Administering College Admissions Examinations (May 2018)
- Guidance for “Eligible Students”: General information about FERPA (February 2011)
- A Transgender Advocate’s Guide to Updating and Amending School Records: Under FERPA, students have a right to seek to amend their school records if said records are “inaccurate, misleading, or in violation of the student’s rights of privacy.” Transgender students wishing to change their name and gender marker on their educational records can seek such an amendment under this federal law.
The financial aid regulation guides financial aid administrators, members of student access, and success in higher education groups to stay up to date with guidance from the ED and be able to advise students.
See below for more information on how to look for regulations related to financial aid administration:
FSA Partner Connect will let you explore policy and guidance in the Knowledge Center, access helpful tools, find training announcements, or link to other Federal Student Aid websites to manage Title IV program eligibility and complete aid administration tasks.
The Student Aid Reference Desk (or Ref Desk) is a compilation of important links to financial aid regulations, legislations, and many other important key resources for members in student access and success in higher education.
Background
To remain eligible for Title IV student aid program funds under the Higher Education Act, vocational programs of training at non-profit and for-profit institutions are required by statute to prepare students for gainful employment in a recognized occupation. Examples of these programs include training in auto mechanics, cosmetology, culinary arts, and heavy equipment operation.
- Incentive Compensation Q&A, U.S. Department of Education
- Guidance from the U.S. Department of Education: This letter provides guidance on three areas of the final regulations addressing program integrity issues: state authorization, incentive compensation, and misrepresentation.
- International Recruitment/Agents
- the nature of an eligible institution’s educational program (such as program content, transferability of credits, and certification for practice in a field),
- its financial charges (such as costs and refund policies, availability and type of financial assistance, and rights in applying or rejecting any particular type of financial assistance),
- or the employability of its graduates (such as the institution’s knowledge about the current or future conditions, compensation, or employment opportunities in the industry; and requirements that are generally needed in the field.)
are prohibited in all forms, including those made in any advertising, promotional materials, or in the marketing or sale of courses or programs of instruction offered by the institution. Substantial misrepresentation is defined as “any misrepresentation on which the person to whom it was made could reasonably be expected to rely, or has reasonably relied, to that person’s detriment.” In determining whether an institution has engaged in substantial misrepresentation and the appropriate enforcement action to take, the Department will consider the magnitude of the violation and whether there was a single, isolated occurrence.
On Sept. 24, 2019, the U.S. Department of Labor announced a final overtime pay rule. The final rule updates the earnings thresholds necessary to exempt executive, administrative, and professional employees from the Fair Labor Standards Act’s (FLSA) minimum wage and overtime pay requirements and allows employers to count a portion of certain bonuses/commissions towards meeting the salary level.
The final rule:
- Raises the “standard salary level” from the currently enforced level of $455 per week to $684 per week (equivalent to $35,568 per year for a full-year worker);
- Raises the total annual compensation requirement for “highly compensated employees” from the currently enforced level of $100,000 per year to $107,432 per year;
- Revises the special salary levels for workers in U.S. territories and the motion picture industry.
The final rule is effective on Jan. 1, 2020. In March 2018, the Department of Labor released this fact sheet, which answers some questions and provides additional clarity about who is exempt from overtime pay.
See this NACAC fact sheet for more information.
On December 12, 2019, the U.S. Department of Labor announced a final rule that clarifies which perks and benefits must be included in the regular rate of pay, as well as which perks and benefits an employer may provide without including them in the regular rate of pay.
For specific concerns about how this may relate to your admission office, NACAC encourages you to consult with your Legal Counsel office.
This page will be updated as needed. Contact legislative@nacacnet.org with general questions or comments about this regulation.
Under the Internal Revenue Code, NACAC and its affiliates are prohibited from directly or indirectly participating in any political campaign on behalf of or in opposition to any candidate for elective public office. Contributions to political campaign funds or public statements of position (verbal or written) made on behalf of the organization in favor of or in opposition to any candidate for public office violate the prohibition against political campaign activity.
For additional information, visit:
IRS, The Restriction of Political Campaign Intervention by Section 501(c)(3) Tax-Exempt Organizations
The Telephone Consumer Protection Act (TCPA) was passed in 1991 to place restrictions on telemarketing, pre-recorded, or auto-dialed calls. TCPA protects consumers from unsolicited phone calls in many cases, but there are also exemptions. Included in the exemptions are “non-telemarketing, informational calls, such as those by or on behalf of tax-exempt non-profit organizations…” Therefore, non-profit colleges and universities should not be concerned about compliance with this law.
In 2012, the Federal Communications Commission (FCC) updated the law, raising alarm for admission and recruitment professionals. However, there have been no revisions to the original exemptions of non-profits. The updates simply clarified the rule governing prior written consent and removed an exemption regarding “established business relationships.” All institutions previously covered under the non-profit exemption retain that status.
Under Higher Education Act regulations (effective July 1, 2011), institutions are required to develop and follow procedures for evaluation of the validity of a student’s high school completion if the institution or the Department of Education has reason to believe that the high school diploma is not valid or was not obtained from an entity approved to provide secondary education (§ 668.16(p)).
NACAC has developed a policy brief outlining the regulations pertaining to the verification of high school completion requirements.
To search the U.S. Department of Education’s Database of Schools, visit the following links below:
• Public Schools
• Private Schools
Diploma verification policy guidelines:
Recent years have seen explosive growth in the number and types of postsecondary credentials that document learning, with much of this growth coming in the form of non-degree certificates. Understanding credentials and the learning they each represent is of critical importance for college and university leaders in their efforts to support student success and enhance institutional performance.
