Compliance Calendar
Track regulatory deadlines and ongoing compliance requirements for education institutions.
Upcoming Deadlines
FSA Cybersecurity Requirements for Title IV Institutions
Federal Student Aid requires Title IV participating institutions to maintain cybersecurity programs consistent with GLBA Safeguards Rule, including risk assessments, incident response plans, and annual reporting.
GLBA Safeguards Rule — Higher Education Compliance
Higher education institutions participating in Title IV federal student aid programs must comply with the FTC's updated Safeguards Rule, including designating a qualified individual to oversee the information security program.
PTAC Data Governance Best Practices Review
Privacy Technical Assistance Center (PTAC) recommends annual review of data governance policies, vendor agreements, and data sharing practices for educational agencies receiving federal funding.
New York Education Law 2-d Annual Review
NY Ed Law 2-d requires educational agencies to adopt a data security and privacy policy, conduct annual reviews of third-party contracts, and ensure vendors comply with FERPA and state privacy requirements.
FERPA Directory Information Opt-Out Period
Institutions must provide a reasonable period for parents/students to opt out of directory information disclosure before the start of each academic year.
Ongoing Requirements
California SOPIPA Compliance
Student Online Personal Information Protection Act (SOPIPA) requires operators of websites, online services, and apps used for K-12 school purposes to implement and maintain reasonable security procedures and practices.
Illinois Student Online Personal Protection Act (SOPPA)
Illinois SOPPA requires operators to maintain a comprehensive information security program, provide transparency regarding data collection practices, and comply with data deletion requests.
Colorado Student Data Transparency and Security Act
Colorado law requiring school districts and vendors to maintain data governance policies, provide parent/student access to data, and implement security safeguards for student personally identifiable information.
CISA K-12 Cybersecurity Recommendations
CISA's recommendations for K-12 school districts to implement baseline cybersecurity measures including MFA, patching, backups, and incident response planning per the K-12 Cybersecurity Act.
Texas Student Data Privacy (HB 890)
Texas law requiring school districts to adopt acceptable use policies for technology, maintain data security standards, and ensure third-party operators protect student data.
FERPA Annual Notification of Rights
Educational institutions must annually notify parents and eligible students of their FERPA rights, including the right to inspect records, request amendments, and control disclosure of personally identifiable information.
Recently Completed
FTC COPPA Rule Modernization
Updated COPPA rule strengthening children's online privacy protections, including new requirements for EdTech platforms collecting data from children under 13. Requires verifiable parental consent updates and data minimization.
Regulator Directory
Disclaimer: This calendar is for informational purposes only and should not be relied upon as legal or compliance advice. Always verify deadlines and requirements with official regulatory sources and consult with qualified compliance professionals.