This page contains a Flash digital edition of a book.
LEGAL ISSUES by Kelly Christiano


trator in higher education, the mere thought of compli- ance is sure to keep you up at night, given the myriad of issues the umbrella of compliance encompasses and the ambiguity you must often navigate. Indeed for all of us who go to a conference or stop by the water cooler these days, the word “compliance” is sure to pop up in con- versation. Increasing regulatory scrutiny and legislation, as well as the emergence of new government agencies, means that many businesses and industries must stay on top of requirements pertaining to an endless array of issues, including non-public information (NPI), terms and conditions, disclosures and state and federal laws. As such, colleges and universities are increasingly con- cerned about compliance across their campuses. While the term can encompass much, areas of particular focus on campuses often include controls, data security and regulations specific to higher education.


W


COMPLIANCE STARTING POINT Since your institutions are increasingly relying on out- sourced partners for some of the services you provide on campuses, the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) needs to be part of the campus vendor management vernacular. Formerly known as the SAS 70 and developed 20 years ago to provide customers with a standard audit tool of servic- ing companies that had IT components, the SSAE 16 replaced the SAS 70 in 2011. Te SSAE 16, though, is an attestation, not an audit, that the outsourcers’ systems and processes have been reviewed over a period of time. It is important, however, that your organization knows how to properly evaluate a provider’s SSAE 16.


PCI COMPLIANCE Given the volume of payments that you or your outsourcers are processing for tuition and other cam-


30 JULY/AUG 2012 • TODAYSCAMPUS.COM hat does the word “compliance” mean to


you? Definitions include “obedience” and “conformance.” Yet if you are an adminis-


REAPING THE COMPLIANCE BENEFITS


pus transactions, such as books, events, parking, PCI compliance is a hot topic on campuses today. Te major credit card brands created an independent body to set standards and continually monitor and improve payment account security of the Payment Account Industry (PAI). Now all merchants that transmit, process and/or store cardholder data must be compliant at one of the four merchant levels based on transaction volume. Te process is specific, rigorous and ongoing, and while not a legal requirement, PCI compliance certification can provide you a level of assurance that your institution or outsourced partner has undergone a thorough evaluation to ensure that your valuable cus- tomer payment data is kept secure. Moreover beware, that a transaction processing organization that has not achieved PCI compliance can be subject to penalties of up to $100,000 per month for any PCI violations, a consequence worthy of serious consideration.


REGULATIONS Higher ed institutions often wish to provide increased flexibility to parents and students to make their tuition payments. Tuition payment plans, offered directly by the school or through an outsourced partnership, is an example of one such convenience. Tese plans enable parents and students to spread their annual tuition pay- ment over a period of two to twelve months as opposed to writing one check at the beginning of the term. While these plans can vary widely, they often involve a nominal enrollment fee and may include a convenience fee if the participant chooses to make a payment via credit card. While the plans are very simple for the parent or student to use, navigating the legal and regulatory requirements for schools can be complex. And while schools, parents and students may view


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44