april 2019 risk and compliance news...april 2019 risk and compliance news following are excerpts...
TRANSCRIPT
April 2019 Risk and Compliance News Following are excerpts from news articles having a risk management or compliance impact. The full article may be seen at the referenced source. Topics for this month include the following:
• Academic Programs
• Access/Disability
• Campus Security
• Diversity/Discrimination
• Environmental Health & Safety
• Finance/Accounting
• Human Resources
• Information Security & Privacy
• Student Financial Aid
Academic Programs
Admissions Scandal Hits Harvard
As the admissions scandal hit last month, officials at Harvard
University might have felt some relief when applicants to Yale
and Stanford Universities were implicated, but no would‐be
Harvard students.
Harvard remains a step removed from the Varsity Blues
indictments. But on Thursday, The Boston Globe reported that
a wealthy man had purchased a home from the Harvard
fencing coach, paying well over what the home was worth. A
short while later, the man's son was admitted to Harvard and
joined the team. Unlike the Varsity Blues scandal, the man's
son appears to be committed to the sport and is still listed on
the team roster.
Harvard is now investigating the matter. "Harvard University
was unaware of these circumstances until it was contacted by
The Boston Globe, and is now undertaking an independent
review of this matter. We are committed to ensuring the
integrity of our recruitment practices," said a statement the
university provided to Inside Higher Ed.
According to the Globe, the home in question was owned by
Peter Brand, the fencing coach at Harvard. In 2016, he sold the
home for nearly $1 million, even though its assessed value was
$549,300. The purchaser, Jie Zhao, never lived in the house and
sold it 17 months later, taking a loss of $324,500. But in the
interim, Zhao's younger son was admitted to Harvard and joined
the fencing team. Zhao told the Globe that the purchase had
nothing to do with his son's efforts to get into Harvard. His son
was an excellent student and fencer, Zhao noted. But he did
want to help out Brand, who has had a long commute from his
home to work and could benefit by buying a home closer to the
university. (Zhao's older son was on the team at the time.)
Brand did not respond to the Globe or Inside Higher Ed about
the situation.
Harvard has a conflict‐of‐interest policy that would appear to
apply to cases where a coach would sell a home at an inflated
price to the father of an athlete and an applicant.
The policy states that “a conflict of interest exists when
individual commitment to the university may be compromised
by personal benefit. Employees are expected to avoid
situations or activities that could interfere with their
unencumbered exercise of judgment in the best interests of
Harvard University.”
Failure to report potential conflicts, the policy says, "may be grounds for disciplinary action and may lead to termination."
Claudine Gay, Edgerley Family Dean of the Faculty of Arts and
Sciences at Harvard, sent professors a message Thursday
about the situation. In the message, Gay said that the reports
currently being investigated "are not related in any way" to the
Varsity Blues scandal. In that scandal, some parents are
accused of bribing coaches to place their children's names on
lists of recruited athletes, even though those children did not
play the sport and had no intention of doing so. Generally,
being a recruited athlete has a major positive impact on the
odds of admission, in particular at elite colleges that turn away
many qualified applicants.
"The new allegation that came to light this week is against one
individual regarding transactions that pertain to one family. I
say this not to minimize the concerns that this allegation raises. I take them very seriously. Instead, I want to ensure that
we consider them in the appropriate context," Gay wrote.
She added, "These revelations naturally raise questions about
how Harvard’s recruitment practices for student athletes
compare to those of peer institutions. I want to take a moment
to describe them for our community. Our process is distinctive
in two important ways. First, the applications of all recruited
student athletes are reviewed by the full admissions committee
and decisions are made through a vote of the entire committee.
The committee has approximately 40 members. Second, all
recruited student athletes must be interviewed by an
admissions officer or alumni interviewer. It is my understanding
that other institutions may have different practices."
New Procedures Announced at Dartmouth
Dartmouth College has not been touched by any of the
indictments, either.
But on Thursday the college confirmed that it is taking steps to
prevent the kind of abuses alleged in last month's indictments.
"In light of these revelations, the athletics office is
strengthening its efforts to ensure the integrity of that process.
We are committed to formalizing the protocols for
administrative approval of each recruit and an annual review
of all first‐year students who were recruited athletes to ensure
that they appear on the appropriate team roster," said a
statement from the college. "Going forward, we will require
that, before a coach communicates their support for a
candidate to the Admissions Office, that candidate’s athletic
credentials are reviewed and approved by an administrator as
a legitimate recruit with the athletic talent necessary to
contribute to our Division I varsity team. While the data from
the last three entering classes demonstrates that no
Dartmouth coach has supported an inappropriate candidate,
this protocol is being instituted to further increase the rigor of
the process in response to the 'Operation Varsity Blues'
scandal uncovered at other institutions."
Source: Inside Higher Ed—April 8, 2019
...................................................................................................
Risk and Compliance News—April 2019 Page 2
Moving Forward (At Last) on Federal RuleChanges
A tumultuous three months of back‐and‐forth between U.S.
Department of Education officials and representatives across
higher education culminated last week in proposals that clarify
and update existing rules around digital learning and innovation.
Advocates for online learning and other emerging education
models found plenty to celebrate as the process wrapped up.
The final proposed rules include language that mitigates
ambiguity around phrases like “distance education” and
“regular and substantive interaction,” which have long puzzled
institutions developing programs for an increasingly diverse
set of learners.
Meanwhile, the Department of Education abandoned several
controversial proposals from the beginning of the process,
including eliminating the federal credit‐hour standard and
removing the cap on outsourcing of academic programs, amid
widespread criticism.
Still, critics of the process and the proposed changes continue
to worry that the new rules as written remove vital checks on
new programs and providers and could open the door to
abuses of students. Fittingly, some elements of the proposed
rules, like a waiver process of sorts for institutions eager to
bypass accreditation for innovative programs, will require
further clarification.
The department in January laid out a wide range of priorities
for this year’s negotiated rule‐making process, a formal
convening to hash out federal rules that clarify existing laws. A main committee of negotiators met for 14 full days from
January to April, and each of three subcommittees spent six
daylong sessions debating portions of the proposed rules.
The goal of each negotiated rule‐making process is for
participants to formally reach consensus on proposed rules.
This time they did, which means the department is legally
obligated to put those proposals through a public comment
Risk and Compliance News—April 2019 Page 3
period before preparing to implement them. If they hadn’t, the
department itself could have rewritten the proposals.
The earliest the rules could go into effect is July 2020, though
the implementation process could extend into 2021, after the
next presidential election. Diane Auer Jones, the Education
Department’s principal deputy under secretary, told reporters on Thursday that the new set of proposed rules represents
“the start of a conversation, not the end.”
Source: Inside Higher Ed—April 9, 2019
...................................................................................................
OCR Tells Med School to Stop Considering Race in Admissions
The U.S. Education Department's Office for Civil Rights is
requiring Texas Tech University's medical school to stop
considering race in admissions. The move marks an escalation
of the Trump administration's efforts against colleges'
affirmative action policies.
The move is based on past U.S. Supreme Court decisions, not
the current lawsuit against Harvard University, which critics of
affirmative action hope will be a vehicle to limit the ability of
colleges to consider race in admissions.
In the OCR agreement with Texas Tech, the government states
that the medical school could resume consideration of race in
admissions if it provides a "reasoned, principled explanation
for its decision and identifies concrete and precise goals"
consistent with legal standards. Any such future plan ‐‐ which
OCR would require the university to provide the government
60 days in advance for review ‐‐ would have to show that race‐
neutral alternatives would not work. Further, the plan would
need to show that "no undue burden is imposed on applicants
of any racial groups."
Texas Tech's medical school appears to have gotten in trouble
for failing to demonstrate that it was conducting regular
reviews of its affirmative action programs to be sure that
consideration of race was needed.
The university indicated in a letter to OCR that it believed it
was not doing anything illegal, but that it would go along with
OCR's determination.
Medical schools have long played a key role in affirmative
action debates. The Supreme Court's 1978 Bakke decision,
which involved an applicant to the medical school at the University of California, Davis, continues to govern college
admissions policies well beyond medical schools. The ruling
said that colleges could consider race in admissions, in certain
circumstances, but could not reserve slots based on race or
ethnicity.
In the years since, medical schools have struggled with
diversity, seeing dramatic increases in Asian American
enrollments but remaining relatively flat in black and Latinx
enrollments.
Eric Bentley, vice chancellor of the Texas Tech University System, wrote to OCR that the university was agreeing to the
limits placed by OCR, but that the university "strongly believes
that diversity in academic medicine is not only a necessity at
[the medical school] but is a necessity nationally as well."
The Center for Equal Opportunity, which opposes the
consideration of race in admissions, filed a complaint against
Texas Tech in 2004, and that complaint led ‐‐ eventually ‐‐ to
the recent agreement.
Roger Clegg, president and general counsel of the center, said via
email that he believed "a lot" of colleges are not "meeting the
narrow tailoring requirements set out by the Supreme Court."
And one of those requirements, he noted, is to conduct regular
reviews of whether the policies to consider race are needed.
Future of Affirmative Action
The agreement between OCR and Texas Tech comes amid a
push by the Trump administration to limit colleges'
consideration of race. The administration has backed a lawsuit
charging that Harvard discriminates against Asian American
applicants, and is investigating the issue at Yale University as
well. (Both universities deny wrongdoing.)
An Education Department spokeswoman said that the
agreement was consistent with Supreme Court rulings. "The
Supreme Court has issued clear guidance on the appropriate
consideration of race in college admissions and OCR is
enforcing … the court’s rulings," she said via email.
Source: Inside Higher Ed—April 15, 2019
...................................................................................................
Access/Disability
Legal Battle over Captioning Continues
Two high‐profile civil rights lawsuits filed by the National
Association of the Deaf against Harvard University and the
Massachusetts Institute of Technology are set to continue
after requests to dismiss the cases were recently denied for
the second time.
The two universities were accused by the NAD in 2015 of failing
to make their massive open online courses, guest lectures and
other video content accessible to people who are deaf or hard
of hearing.
Some of the videos, many of which were hosted on the
universities' YouTube channels, did have captions ‐‐ but the
NAD complained that these captions were sometimes so bad
that the content was still inaccessible.
Spokespeople for both Harvard and MIT declined to comment
on the ongoing litigation but stressed that their institutions
were committed to improving web accessibility.
This is not the first time a university has faced legal
consequences for failing to adequately caption videos. The
University of California, Berkeley, decided to remove thousands
of educational videos from public view in 2017 after the U.S.
Justice Department ordered the university to provide captions.
The decision drew criticism from disability rights advocates but
highlighted the financial and administrative burden placed on
universities by web‐accessibility requirements.
Both MIT and Harvard have argued in court filings that they
should not be required to provide closed captions for every
video they create or host on their websites. After the
institutions’ first attempt to dismiss the cases was denied,
there was a yearlong attempt to reach a settlement out of
court. When that attempt failed, the universities again moved
to dismiss the cases.
Judge Katherine A. Robertson of the U.S. District Court of
Massachusetts largely rejected the universities' second attempt
to dismiss the cases. On March 28, Robertson denied the
Risk and Compliance News—April 2019 Page 4
institutions' pleas for the exclusion of their websites from Title III
of the Americans With Disabilities Act and Section 504 of the
Rehabilitation Act. Title III of the ADA prohibits disability
discrimination by "places of public accommodation."
Section 504 of the Rehabilitation Act prohibits discrimination on
the basis of disability in programs that receive federal funding.
Judge Robertson did, however, agree that the universities could
not be held responsible for the accessibility of third‐party
content on their websites under the Communications Decency
Act. The CDA was an attempt by Congress in 1996 to regulate
pornographic material on the internet, but Section 230 of the
act has been used to argue that operators of internet services
should not be regarded as publishers and cannot, therefore, be
held liable for content they did not create.
Arlene Mayerson, directing attorney of the Disability Rights
Education and Defense Fund and one of the lawyers
representing the plaintiffs in the case, said that the third‐party
content represents “a tiny amount of the material that we
have been looking to have captioned.” The most significant
part of Judge Robertson's ruling was her rejection of the
universities' arguments that much of their online content was
outside the accessibility requirements of the ADA and the
Rehabilitation Act, Mayerson said.
Harvard and MIT define third‐party content as "including
content posted by students, individual faculty members and
other scholars." But in court documents, the plaintiffs
disagreed that content created by "individuals such as faculty
members and students who are closely associated" with the
universities should be classified as "third party." Judge
Robertson ruled that third‐party content could not include
content created or developed "in whole or in part" by the
universities, or "someone associated" with the universities.
Scott Lissner, the ADA coordinator at Ohio State University, said
he believes it is his responsibility to make all content on Ohio
State websites accessible, regardless of where it comes from.
“If we believe the information is useful to our constituents and
program participants then it should be available to all of our
constituents and program participants with the same level of
independence, planning and effort,” he said.
Mayerson believes the recent ruling against the universities is
the "end of the line" in terms of having their cases dismissed.
Source: Inside Higher Ed—April 8, 2019
...................................................................................................
Risk and Compliance News—April 2019 Page 5
University of Louisville Being Investigated for Possible Disability Discrimination
The U.S. Department of Education's Office for Civil Rights is
investigating the University of Louisville for possible disability‐
related discrimination.
University spokesman John Karman confirmed that the Office
for Civil Rights has launched a case, which specifically concerns
website and online course accessibility.
The education department's website says the U of L
investigation began March 27.
Inside Higher Ed reported in November 2018 that hundreds of
colleges are being investigated for their failure to ensure
individuals with disabilities can access their websites properly.
The investigation into Louisville may be similar.
Universities like U of L that are recipients of federal financial aid
are legally expected to institute "reasonable accommodations"
in order to make online resources accessible to all visitors,
including those with limited mobility and people who are blind
or deaf, according to Inside Higher Ed.
In some cases, lawsuits have been filed over problems
students experienced when they tried to use online classes or
electronic course materials.
Chris Danielsen, a spokesman for the National Federation of
the Blind, said people with disabilities, including those who
have visual impairments, often have trouble accessing
colleges' websites and online classes. The federation has filed
complaints and worked with individuals who came forward
with complaints that prompted the Office for Civil Rights to
investigate the matter.
People with visual impairments regularly use online resources in
their day‐to‐day life, just like everybody else, Danielsen
noted. For example, he is blind and works on his computer by
using a screen reader that identifies and verbally describes text,
links and other data that's presented on each web page he visits.
But certain websites, including those of various colleges, aren't
always compatible with that kind of software.
“When we talk about accessibility ... what we’re talking about
is websites or digital content that is coded in such a way that
it’s difficult for a screen reader to interpret it," he said. "It's
getting better because of all the investigations and because
there's more awareness, but it's not unusual at all.
"I would not be surprised if those kinds of issues were not what
OCR is investigating with respect to the University (of
Louisville)," he said.
Section 504 of the Rehabilitation Act of 1973 and Title II of the
Americans with Disabilities Act of 1990 both include protections
against discrimination and require that colleges either ensure their technology is fully accessible to people who have disabilities
or otherwise provide "equal access to the educational benefits
and opportunities afforded by the technology," according to the
Department of Education's website.
In recent years, the department's Office for Civil Rights has
resolved various technology‐related cases.
For example, it reached an agreement with the University of
Virginia's business school in 2010 concerning the use of e‐readers
that aren't fully accessible to students who have visual
impairments, and in 2014 the University of Cincinnati agreed, among other things, to review any e‐learning platform it uses as
well as its website and correct any accessibility problems it found.
Source: Courier Journal—April 9, 2019
...................................................................................................
Red Flags for Applicants with Mental Health Issues
Colleges aren't supposed to ask applicants whether they have
a disability. But many applicants share the information on their
own. In some cases, it may relate to a student's high school
record. For many students, upon being urged to write an
application essay about something significant in their life, or
overcoming a challenge, dealing with a disability can be a
logical topic.
But what if that information is used against the applicant? That
appears to have been happening to applicants with mental
illness at New College of Florida, and the situation is raising
concern there and elsewhere among advocates for students with disabilities.
Risk and Compliance News—April 2019 Page 6
If an applicant writes an essay about issues with psychological
challenges, the admissions staff places a red flag on the
application and it receives another view. Notably, this happens
even if the student has received a score (in a formula largely
based on grades, high school curriculum and test scores) that
qualifies the applicant for automatic admission. And some of
those applicants have been getting rejected.
New College says the red flags were just part of a holistic
admissions process (generally used for those who don't qualify
for automatic admission) and didn't assure rejection of anyone.
Two students who had jobs in admissions complained about
the practice last year, saying that it amounted to illegal
discrimination against people with disabilities. New College
conducted an investigation and determined that the practices
were legal. When that investigation became public last week,
when The Herald‐Tribune wrote about it, many students and
alumni were upset. They said that the practice ‐‐ even if legal
(which some doubt) ‐‐ wasn't ethical.
On Friday, Donal O'Shea, president of the college, posted a
statement to social media in which he said that the issue would
be investigated again ‐‐ this time by an outside group.
"New College very much values cognitive diversity," he wrote.
"We love the different learning styles, the different abilities
and the different challenges that our students bring."
He added, "We are aware of complaints about the admissions
process and the climate in the admissions office. We take
these very seriously." He said that an external investigation would take place in May.
While many students are applauding the new investigation,
the college's Facebook page also has comments from students
and alumni asking why the college, having known about the
situation for a year, didn't do more until the issue became
public last week.
The Complaint
New College is a public institution in Florida, and stands out for
having the size and approach of a liberal arts college in a state
where public universities tend to be large in size with many
graduate and professional programs. The college has a strong
academic reputation.
The two former admissions workers who filed the complaint ‐
‐ Maria Simmerling and Eugenia Quintanilla ‐‐ were students
who graduated last year. They have posted a copy of their complaint online. They describe working in admissions out of
their love for the college, but also their dismay on discovering
in 2017 that there was a new policy to place red flags on the
applications of people with disabilities for the purpose of
"weeding out" such applicants.
They write that they understand why some applicants need a
second review, but fear that flagging those whose essays noted psychological challenges was an illegal and unethical attempt to
keep out students with psychological and other disabilities.
They write that they tried to discuss the issue in the admissions
office and filed a formal complaint with the college only when
they were shut down.
The Investigation
That complaint led to an investigation and report by Barbara
Stier, chief compliance officer at the college. New College
released a copy of the report to Inside Higher Ed. The report
found that red flags were indeed used in admissions to set off
another review, but stressed that they were used for multiple
reasons. An applicant might be flagged for "essay topic" (as the
complaint said with reference to psychological disabilities), but
also for low test scores or low grades or a missing foreign
language requirement. Many of those flagged for reasons
other than essays would not have met the standards for
automatic admission.
Stier examined the files of those applicants who received a red
flag for material mentioned in an essay and who scored at or
above the level that is supposed to lead to guaranteed
admission. She found a range of outcomes for these 33
applicants in the period studied. Of the 33, 13 were admitted,
11 were rejected, and the rest were either placed on a waiting
list or asked for additional information. The range of outcomes
led Stier to say that there was no discrimination.
Not everyone is convinced that the policy is appropriate.
John MacPhee, executive director of the Jed Foundation,
which promotes mental health awareness and suicide
prevention among college students, said via email that he was
troubled by what New College has been doing.
"Disclosing mental health challenges in a college application
essay is an authentic and brave thing to do, and it is exactly the
kind of honest sharing that is encouraged to reduce the shame,
secrecy and fear that can hold people back from seeking
mental health care," said MacPhee. "We would be concerned
if such disclosure were to be used as an input to consider not
admitting a student to school; and if it were, transparency
Risk and Compliance News—April 2019 Page 7
would be critical as it would be important for students and
families to know so before they submit an application."
Guidance for College and Students
The U.S. Education Department, during the Obama
administration, published guidance for students and colleges
on transitions to postsecondary education for students with
disabilities.
The guidance says that disability status cannot be the reason
for rejection. "If you meet the essential requirements for
admission, a postsecondary school may not deny your admission simply because you have a disability," says the
guidance. It goes on to say that there is no obligation by an
applicant to inform a college of a disability unless it is part of a
request for an academic adjustment related to the disability.
Source: Inside Higher Ed—April 29, 2019
...................................................................................................
Campus Security
Student Destroys 66 College Computers
A former student has admitted to causing thousands of dollars’
worth of damage to computer equipment owned by the College
of St. Rose, a private nonprofit institution in Albany, N.Y.
Vishwanath Akuthota pleaded guilty this week to destroying
66 college computers as well as computer monitors and
lecture hall podiums worth more than $58,000, according to
the U.S. attorney's office in New York.
Akuthota used a USB Killer to destroy the computers. The
device is small and looks like an ordinary USB thumb drive, but
it sends a command that causes high‐voltage power surges
that can damage computer hardware.
Akuthota admitted he intentionally destroyed the computers
and recorded himself doing so on his iPhone. In the video, he
made comments such as “I’m going to kill this guy” before
inserting the USB Killer device.
Akuthota, 27, is an Indian national who is in the U.S. on a student
visa. He is due to be sentenced in the U.S. District Court of the
Northern District of New York in August. He has already agreed
to pay back $58,471 in restitution to the college but faces up to
10 years in prison and a possible fine of up to $250,000.
Source: Inside Higher Ed—April 19, 2019
...................................................................................................
Diversity/Discrimination
Montana State University Settles Discrimination Case, Hit with New One
Montana State University has agreed to pay $120,000 to a
former student who claimed school officials discriminated
against him when they expelled him for allegedly threatening
violence against a transgender student.
The Bozeman Daily Chronicle reports news of the school's
settlement with Erik Powell comes the same week as the
transgender student filed a lawsuit of her own against the school.
Powell denied making the statement against the student that
was the basis of his expulsion. His attorney, Jesse Binnall, says
MSU will erase the expulsion from his record.
Myka Perry claims in her lawsuit filed Monday that MSU
discriminated against her by refusing to provide coverage for a
second and third gender‐affirming surgery. MSU spokesman
Michael Beck says neither party admitted wrongdoing in
Powell's case. He declined to comment on Perry's lawsuit.
Source: Billings Gazette—April 19, 2019
...................................................................................................
U.S. Supreme Court to Rule on LGBTQWorkplace Protections under Title VII
Whether LGTBQ employees are protected from employment
discrimination by Title VII of the Civil Rights Act will be decided
by the U.S. Supreme Court next term.
The Court has agreed to hear three cases to determine:
1. Whether Title VII’s ban on “sex”‐based discrimination
prohibits discrimination based on sexual orientation;
and
2. Whether Title VII prohibits discrimination against
transgender claimants based on their status as
transgender or based on sex stereotyping.
With these cases, the Supreme Court will address pending
LGBTQ protections, providing much needed guidance to
employers and employees.
Risk and Compliance News—April 2019 Page 8
Sexual Orientation under Title VII
The Supreme Court has agreed to hear two cases together in
order to resolve a split in the U.S. Courts of Appeals on whether
Title VII’s prohibitions against discrimination “because of sex”
extends to discrimination based on sexual orientation.
In Zarda v. Altitude Express Inc. and Ray Maynard, 883 F.3d 100
(2d Cir. 2018), the Second Circuit held that Title VII extends to
sexual orientation claims. Skydiving instructor Donald Zarda
told one of his customers he was gay in an effort to make her
more comfortable skydiving in tandem with him. Shortly after
that, the customer’s boyfriend told the employer Zarda was
gay and the employer fired Zarda. Zarda sued the employer for
wrongful termination and discrimination in violation of Title
VII. Refusing to dismiss the case, the Second Circuit joined the
Seventh Circuit and the Equal Employment Opportunity
Commission (EEOC) in holding Title VII extends to sexual
orientation claims.
On the other hand, the Eleventh Circuit, in Bostock v. Clayton
County, Georgia, 723 F. App’x 964 (11th Cir. 2018), held that Title
VII does not apply to discrimination based on sexual orientation.
Child‐welfare‐services coordinator Gerald Bostock claimed that
after the employer learned he was gay, the employer falsely
accused him of mismanaging public money in order to fire him.
He claimed he was fired because of his sexual orientation.
Transgender Protection under Title VII
In the third case, the Court will clarify whether Title VII
protections extends to discrimination based on gender identity.
In EEOC v. R.G. & G.R. Harris Funeral Homes Inc., 884 F.3d 560
(6th Cir. 2018), the Sixth Circuit held that Title VII prohibits
discrimination based on gender identity. Aimee Stephens was
a funeral director at a small funeral home. The employment
records for Stephens identified her as a man when she was
hired in 2007. In 2013, Stephens wrote a letter to her funeral
home employer that she identified as a woman and wanted to
wear women’s clothing to work after she returned from
vacation. Within two weeks, the employer had terminated her employment based on the religious views of the organization.
Stephens sued for discrimination under Title VII. The Sixth
Circuit, siding with the EEOC, held that Title VII protects
claimants based on gender identity from discrimination.
Source: Jackson Lewis—April 22, 2019
...................................................................................................
Brigham Young University Students Protest the Honor Code Office
Student protests are a rare sighting at Brigham Young University
(BYU), a non‐profit research university guided by The Church of
Jesus Christ of Latter‐day Saints, whose mission statement is to
“assist individuals in their quest for perfection and eternal life.”
But on April 12, 300 students, led by the group Restore Honor, gathered on the Provo, Utah campus to protest the school’s
Honor Code Office, which is known to be strict.
Students claim that the university is mistreating victims of
sexual assault and harassment, especially women and LGBTQ
students. Protestors could be heard chanting, “God forgives
me, why can’t you?”
The Honor Code states that faculty, administration, staff, and
students at BYU will “seek to demonstrate in daily living on and
off campus those moral virtues encompassed in the gospel of
Jesus Christ,” by demonstrating a chaste and virtuous life,
abstaining from alcohol and regularly attending church, to name a few.
The dress and grooming standards for men and women require
unrevealing clothing, no facial hair and no more than one
piercing for women on their ears. For men, earrings and other
body piercings are not acceptable.
In early 2016, the university separated the Honor Code Office
from the Title IX Office to ensure women’s equal treatment on
campus. In addition, BYU added an amnesty policy that says
students will not be punished by the university for any
violations against the honor code if they report an incident of sexual misconduct.
However, some students say the administration has punished
them for reporting their own sexual assaults, using the code
against them.
The university also posted a Q&A with Kevin Utt, BYU’s new
director of the Honor Code Office, discussing some of the
questions students commonly ask.
Risk and Compliance News—April 2019 Page 9
“Our goal is to help students come back into good standing as
quickly as possible. We want students to succeed here,” Utt said.
Despite these efforts, students remain tenacious in their
claims that problems still remain.
In July 2018, a student reported that she had been sexually
assaulted. She was suspended for two semesters from BYU‐
Idaho despite the school upholding her complaint after the
man she accused of assaulting her told their bishop that she
had been drinking when the alleged assault happened.
Students also allege that the administration has created an
environment that encourages snitching on their peers and they
feel officials dole out severe consequences for minor infractions,
leaving students feeling dejected and unsupported.
Freshman Grant Frazier says he would like to see less
punishment and more compassion.
“The Honor Code, as many of you may know, was made by
students for students. So it needs to be reformed by students,”
he said to the demonstrators.
Sidney Draughon, a 2018 BYU graduate, even started an
Instagram account, which shares students’ negative
experiences with the code, including her own.
During her freshman year, Draughon says she was called into
the Honor Code Office because of an old photo and tweet from
high school. She was called in a second time during her senior
year over a different allegation, delaying her diploma.
“It’s about all of you sharing your stories of hurt and feeling
like you’re rejected and feeling like you don’t fit in at BYU. But I’m here to tell you that you do. I don’t care who you are,” she
told students.
Not all students agree with the protest, however. During a
moment of silence for LGBTQ students who have been
mistreated by the Honor Code Office, one student could be
heard saying, “If you don’t like the Honor Code, go to a
different school.”
“We here at the university believe in the atonement,” Frazier
said. “We believe in the Gospel and we think the Honor Code
Office has forgotten that. And it’s our job to remind them.”
Source: Campus Safety Magazine—April 22, 2019
...................................................................................................
Jury Awards UC Irvine Neurosurgeon $2Million in Whistleblower Retaliation Case
An Orange County jury awarded $2 million in damages this
week to a UC Irvine neurosurgeon who alleged in a lawsuit that
the University of California Board of Regents and the former
dean of UCI’s School of Medicine violated whistleblower
protection laws when he was retaliated against for filing a
grievance against his supervisors.
“I am incredibly relieved to finally be vindicated now six years
after the event and 2.75 years since having to file a lawsuit,”
plaintiff Mark Linskey, a tenured professor of neurological
surgery, said in a statement following Monday’s verdict.
The lawsuit, filed in June 2016, alleged that defendant Ralph
Clayman, former dean of the medical school, along with Johnny
Delashaw, former chairman of the department of neurological
surgery, collaborated to oust Linskey from the department in
retaliation for a grievance he had filed against them expressing
concerns about patient safety and conflicts of interest.
In the complaint, Linskey alleged patient safety was put at risk in
June 2012 when vascular neurosurgery cases — surgery done
under a microscope on blood vessels in or around the brain or
under the neck — were removed from the general neurosurgery on‐call service and that future emergency neurovascular cases
were reserved for Delashaw and another doctor.
Linskey said he requested inclusion in the neurosurgery
vascular call schedule and was denied. Linskey filed a grievance
with the Committee on Privilege and Tenure in March 2013,
naming Clayman and Delashaw.
The lawsuit alleged that Clayman retaliated against Linskey by
pushing to have him moved from the department of
neurosurgery to the department of general surgery. It also
alleged that Delashaw threatened residents by ordering them
to not assist Linskey during surgery and discouraged verbal communication with him.
Linskey also named the UC Board of Regents in the lawsuit,
saying it failed to protect him even after he submitted a UCI
Whistleblower Retaliation Complaint Form in May 2014.
Source: Los Angeles Times—April 25, 2019
...................................................................................................
Risk and Compliance News—April 2019 Page 10
Environmental Health & Safety
Mumps Outbreak at Temple University
More than 100 confirmed or probable cases of mumps have
been diagnosed at Temple University as an outbreak that
began with just a few cases in February continues to spread across the Philadelphia campus.
City Department of Health officials believe that the close quarters
in which college students live has accelerated the spread of the
disease, and they expect more cases to be diagnosed.
Although mumps and other highly contagious viral diseases
such as measles have largely been eradicated in the United
States, there have been sporadic outbreaks in pockets of the
country that have been largely attributed to so‐called anti‐
vaxxers, or parents who refuse to vaccinate their children.
College students are generally susceptible to outbreaks of all kinds of contagious diseases, including certain strains of
meningitis and the flu.
The Philadelphia health department on Monday reported 18
confirmed mumps cases and 90 probable cases associated
with the outbreak. The university already held a free
vaccination clinic, administering booster shots for mumps to
nearly 5,000 students and staffers as of last week. Other
students and professors were vaccinated at the campus health
center, which is still offering shots, said Ray Betzner, a
university spokesman.
The Centers for Disease Control and Prevention recommends
two doses of the MMR vaccine (which stands for measles,
mumps and rubella and protects against all three) during
childhood. The first shot is generally given when a child is
between a year and 15 months old and a second booster shot
is given between ages 4 and 6, normally about the time when
most children begin attending school.
Mumps is well‐known for the characteristic severe swelling it
causes in the cheeks and neck, but other symptoms range from
a fever and headache to aches and loss of appetite. In some
cases, deafness can occur, and more dangerous complications
can happen after puberty, including inflammation of the
testicles or ovaries.
A person who has received a single dose of the MMR vaccine
has about a 78 percent chance of not contracting mumps and
a 88 percent chance of prevention with the second dose,
according to the CDC. Health officials said, however, that while
the measles and rubella components of the vaccine are strong,
the protection against mumps tends to fade as people age.
Few people receive a third booster shot, they said.
Mumps is spread through spit and mucus, so college students
who are often packed together in classes and dormitories or
who share drinks and food are particularly susceptible, said
Susan Even, chairwoman of the American College Health
Association’s Vaccine‐Preventable Diseases Advisory
Committee and executive director of the University of Missouri
at Columbia’s Student Health Center. Symptoms don’t usually
show up until at least two weeks after someone is infected, but
it can take up to a month, allowing the virus to spread
undetected, Even said.
The outbreak at Temple is believed to have originated with a
person who traveled internationally, said Jim Garrow, city
health department spokesman. Garrow did not identify
whether the person was a student. Mumps is a common
disease in other countries such as in Japan, where people are
not routinely vaccinated against it.
The university first announced the outbreak on Feb. 28 with just
a few students testing positive. More and more cases were
confirmed throughout March. An online petition, which has
since been taken down, pressed for university administrators to
close the campus until the outbreak was eliminated. Temple
officials did not consider this option and the city health
department did not recommend it because it would not halt the
spread of the disease, said Betzner. A visitor to campus and even a student wouldn’t necessarily catch mumps merely by being in
the presence of someone who had contracted it, he said.
Only about 20 percent of the cases occurred among students
who live on campus, said Betzner. Students can ask for
cleaning supplies for their dorm rooms if they are worried
about contracting the illness, he said. And students whose
roommates or suite mates have contracted mumps can change
Risk and Compliance News—April 2019 Page 11
rooms. The city health department has said those who are sick
should stay away from healthy individuals for at least five days.
The university did not require incoming students to have the
MMR vaccination, but administrators have since revised the
university's policies and will request verification that students
received the vaccination beginning next academic year,
Betzner said. The CDC recommends a third booster shot only
for people who live in the area of an outbreak.
Many colleges and universities require students to receive the
vaccine before coming to campus, Even said. She noted,
however, that some institutions do not have the resources to
check the health records of every first‐year student.
College campuses have encountered mumps outbreaks
before. More than 420 cases of mumps were diagnosed at the
University of Missouri in 2016. All of the infected students had
received the university’s required two doses of MMR. More than 450 mumps cases were diagnosed at the University of
Iowa and the surrounding area from 2015 to 2016.
Source: Inside Higher Ed—April 2, 2019
...................................................................................................
Over 1,000 Quarantined in Measles Scare at LA Universities
More than 1,000 students and staff members at two Los
Angeles universities were quarantined on campus or sent
home this week in one of the most sweeping efforts yet by
public health authorities to contain the spread of measles in
the U.S., where cases have reached a 25‐year high.
By Friday afternoon, two days after Los Angeles County
ordered the precautions, about 325 of those affected had been
cleared to return after proving their immunity to the disease,
through either medical records or tests, health officials said.
The action at the University of University of California, Los
Angeles, and California State University, Los Angeles — which
together have more than 65,000 students — reflected the
seriousness with which public health officials are taking the
nation's outbreak.
"Measles actually kills people, so we have to take that really
seriously," said Dr. Armand Dorian, chief medical officer at USC
Verdugo Hills Hospital.
Those under the quarantine were instructed to stay at home
and avoid contact with others. They also were barred from
traveling by public transportation, including planes, trains,
buses or taxis. If they must travel for an emergency, they were
told to notify public health officials first.
"This is a legally binding order," the county's public health
director, Dr. Barbara Ferrer, told reporters.
Anyone who violates it could be prosecuted, she said, but
added that it appears everyone is cooperating so far. She didn't
describe what penalties those who don't could face.
The number of measles cases in the U.S. has climbed to nearly
700 this year, including five in Los Angeles County and 38
altogether in California. The surge is blamed largely on parents
not getting their children vaccinated because of
misinformation about the supposed dangers.
Still, several students at Cal State‐LA were shocked that their
campus could be hit by a measles outbreak.
"When they were like measles, I was like, 'What? Where did
that come from,'" said Sergio Dula, a communications major.
Eden Guerra, a kinesiology major, was surprised classes weren't
canceled, noting, "This is like serious, like it’s life, you know."
Cal State‐LA reported 875 students, staff, faculty and visitors
were placed under quarantine after possibly being exposed to
measles earlier this month. About 250 had been cleared by
Friday after proving they are immune to the disease.
At UCLA, 129 students and faculty were quarantined. All but
46 had been cleared by Friday.
Cal State‐LA is primarily a commuter school, while many UCLA
students live on campus. Some UCLA students were provided
a quarantine area to stay in, university officials said, though
they gave no details. Only one person remained there Friday.
Those covered by the quarantine were singled out based on
their possible exposure to either an infected UCLA student
who had attended classes in two buildings on three days
Risk and Compliance News—April 2019 Page 12
earlier this month, or a person with measles who visited a Cal
State‐LA library on April 11, officials said.
Those possibly exposed at Cal State‐LA were located by
tracking the records of people working in the library and those
who logged on to its computers during the four hours the
infected student was there.
Given the amount of time a person can remain contagious,
officials said the quarantine would end at UCLA on Tuesday
and at Cal State‐LA on Thursday.
Around the country, lawmakers in California, New York,
Washington state and Oregon have responded to the outbreak
by moving to crack down on exemptions to vaccinating
children. On Friday, President Donald Trump urged everyone
to get vaccinated.
Source: KSL—April 26, 2019
...................................................................................................
Finance/Accounting
What Schools Need to Know About CFPB's Prepaid Accounts Regulation
Counsel at schools and universities understandably don’t follow
legal developments in financial services very closely, but recent
changes in regulations affecting prepaid accounts could impact
institutions of higher education. On April 1, 2019, the Consumer
Financial Protection Bureau’s (“CFPB”) Prepaid Accounts Rule
will take effect. Under the new regulation, financial services
utilizing prepaid accounts will be subject to a number of
requirements related to disclosures and error resolution.
Institutions of higher education may encounter prepaid products in two ways: (i) the payment of employee wages by
the institution onto payroll cards, and (ii) the disbursement of
Title IV funds onto prepaid cards often called “campus cards.”
Schools that have payroll or campus card programs may see
changes in those programs – especially around the disclosures
that accompany the cards.
It’s important to note that payroll cards have been regulated
at the federal level for a number of years now. In addition,
most states have laws or regulations governing payroll cards.
You can review state requirements in your jurisdiction by
navigating to our interactive survey of state payroll card law.
While the Prepaid Accounts Rule does not directly place
compliance obligations on colleges and universities, the CFPB
does expect schools to conduct oversight of their prepaid
account programs. In 2015, institutions became subject to
requirements in partnering with issuers of campus cards. Among
those requirements, institutions must ensure that the terms of
the prepaid accounts “are not inconsistent with the best
financial interests of the students opening them.” In its Prepaid
Accounts Rule, the CFPB cited the immense volume of funds
disbursed onto campus cards (projected to reach $3.98 billion in
2019) and noted the questionable practices of some institutions
which could increase the likelihood of consumer harm.
In a February 2018 letter to the Department of Education, the
CFPB shared an unpublished analysis of student use of college‐
sponsored deposit and prepaid accounts. In that report, the
CFPB revealed that institutions that received compensation in
exchange for selecting a certain campus card program chose
programs that assessed significantly higher fees to the student
cardholders. In their findings, the CFPB suggested the data may
be useful in determining whether colleges and universities
were faithfully discharging their obligations in selecting
campus card programs.
While the Prepaid Accounts Rule may not fundamentally
change the obligations for colleges and universities, it is a
strong reminder that regulators have not forgotten about the
role that institutions play in selecting campus card and payroll
card programs, as well as the increased likelihood of consumer harm when they shirk their oversight obligations.
Source: Womble Bond Dickinson—April 1, 2019
...................................................................................................
Scrutiny of a Financial Relationship
A former Arizona State University professor sparked outcry last
week by publicly accusing the institution of shady dealings with
the publisher Cengage.
Brian Goegan, former clinical assistant professor of economics
at Arizona State, claimed that the university had received a
“large monetary grant” from Cengage. In exchange, the
university made Cengage’s $100 courseware a requirement for
students in introductory economics courses, said Goegan.
University leaders flatly denied the accusation.
In an email to his students, which was later shared on Reddit,
Goegan said he was required to fail 30 percent of his class in
order to make the new courseware look like it was significantly
Risk and Compliance News—April 2019 Page 13
improving students’ grades. Arizona State leaders said this was
untrue.
Arizona State’s provost, Mark Searle, issued a statement in
response saying there was “no factual evidence” that Arizona
State received a grant from Cengage.
But The Arizona Republic unearthed a contract showing that
Arizona State and Cengage did have a revenue‐sharing
agreement for an adaptive learning platform, which Arizona
State staff and Cengage are developing together.
“I do feel some vindication,” said Goegan in an email.
“Especially since for a little while there they were denying that
any such contract existed.”
The “co‐publishing and fulfillment agreement,” signed in
January 2016, outlines how much money both Arizona State
and Cengage would keep from sales of the new adaptive
platform both to Arizona State students and outside students
whose institutions may adopt the platform in the future.
During a pilot of the new platform from spring 2017 through
spring 2018, the contract says Arizona State would charge
students $100 for the courseware, retaining $21 and paying
Cengage the remaining $79. Following the pilot period, Arizona
State would retain $1 and remit Cengage $99. Each course is
projected to enroll 2,200 students by the end of this year.
If the courseware that Arizona State helped to develop were
sold to another institution, Cengage would pay Arizona State a
revenue of 2 percent under sales of $250,000. This revenue
share would increase as sales grow, up to a maximum of
5 percent over sales of $2,250,000.
“It’s important to note that this section of the contract
envisions a hypothetical situation in which Cengage has found
another university ‐‐ not Arizona State ‐‐ that wants to license
the adaptive learning platform that was built collaboratively by
ASU and Cengage,” said Bret Hovell, Arizona State spokesman.
Alex Baker, vice president of policy at ASU’s Undergraduate
Student Government Tempe, said students “still have many
unanswered questions” about the concerns raised by Goegan.
It is still unclear whether Goegan was forced to fail students,
said Baker. The student government has requested to see
grade distributions from the economics department but has so
far been denied, he said. Requests for more information on
other courseware deals with publishers, which are part of a
wider adaptive learning project led by the university provost,
have also been denied.
Baker feels the university’s response to Goegan’s claims was
disappointing. “I wish they had been more open and
transparent. They put out statements that were very carefully
worded and full of caveats.”
University leaders have repeatedly said, for example, that
students are not required to pay to do their homework. Yet a
syllabus from one of the economics classes clearly states, “all
homework is done and turned in on MindTap” ‐‐ meaning it
would be impossible for students to pass if they didn't
purchase an access code.
The student government passed a bill earlier this week calling
for an independent external investigation into the university's
partnership with Cengage. But Baker acknowledges the student
government is a “paper tiger” that does not have the power to
initiate such an investigation. “The university would be fully
within their rights to put this bill in the shredder,” he said.
“I don’t believe the university will take any action,” said Baker.
But he is hopeful that students might persuade the Arizona
Board of Regents or state legislators to look more closely at
how textbooks and courseware are selected by the university
and consider whether they represent good value for students.
Hovell said he didn't "have anything to add about what
happens going forward."
In addition to calling for an external investigation, the student
government bill supports the creation of a new supervisory
body with student representation “with the authority to
approve or deny the usage of any homework submission
platform with costs to students greater than $50.”
Alastair Adam, co‐CEO of FlatWorld, a publisher of low‐cost
textbooks, said the students’ suggestion to play a role in
approving instructional materials is a good one. “We need
more sunlight on these processes,” he said.
Adam described how kickbacks and incentives have become a
tool for some publishers trying to win contracts. “It’s just like
how the pharma industry operates,” he said.
Though these financial inducements might be used by
universities to boost departmental funds or fund legitimate
research studies, they are bad news for students who want to
save money.
Adam described a recent situation in which a university, which
he declined to name, asked for cash in exchange for selecting a
FlatWorld textbook over a competing publisher.
The bidding document reads, “The department requests that
you include a proposal for a grant, or payback program to the
department for each textbook purchased in a semester. We
expect this to be a dollar amount that is paid directly to the
department to support facilitation of this course. We are open
to other ideas in this area, and expect that you address the
requirement in your proposal.”
It continues, “Any grant or payback should not simply inflate
student costs. We are offering a volume and would like to
absorb any discounts in the form of a grant or payback.”
The call to not inflate student costs is the “get‐out‐of‐jail
piece,” said Adam. But he notes, "given the volume, the
discount obtainable for the student could have been even
lower if the kickback didn’t have to be absorbed ‐‐ so it is
absolutely coming out of the student’s pocket.”
When Adam responded to say his price was already low, the university suggested he mark up the price in order to mark it
down. He refused.
“We did not win that contract,” he said.
Nicole Allen, director of open education for SPARC, said that
publishers have always offered incentives to universities to
choose their products, but what is and isn't acceptable has
become less clear.
"The ethical questions were just simpler to navigate when we
were only talking about books. Now the types of products are
more complex with adaptive platforms and homework
software, and the deals intertwine the interests of institutions
and publishers," she said. "If a university customizes a resource,
do they deserve royalties? If a department negotiates a deal to
reduce costs, is it fair to take a cut of the 'savings'?"
"Higher education owes it to students to grapple with the
ethics of this new course content landscape, and to avoid
replicating the same inequalities baked into the system it's
supposed to improve."
Source: Inside Higher Ed—April 26, 2019
...................................................................................................
Risk and Compliance News—April 2019 Page 14
Human Resources
U.S. Department of Labor Proposes Updates to Regular Rate of PayRegulations
The U.S. Department of Labor (DOL) issued proposed rules that
would update the regulations governing what forms of
compensation are included and excluded from the calculation
of overtime under the Fair Labor Standards Act (FLSA). The
proposed rules are intended to clarify and, in some cases,
simplify, the overtime calculation under federal law. To ensure
their employees are paid correctly, employers should avoid the
prevalent assumption that overtime pay calculation simply
involves multiplying an employee’s hourly wage by 1.5. Rather,
under the FLSA, the overtime calculation is far more detailed
and complex.
The comment period for the proposed rules closes on May 28,
2019. Employers should review their overtime and other
relevant payment plans to ensure compliance with state and
federal law.
The DOL issued the proposed rules on March 29, 2019 to
provide clarity for understanding the calculations that form
the basis for an employee’s “regular rate of pay.” Unless an
employee (or the employer) satisfies an overtime exemption,
the FLSA requires an employer to pay an employee overtime
whenever the employee works more than 40 hours during any
given workweek. Under the FLSA, overtime is paid at one and
one‐half times an employee’s “regular rate of pay.”
Superficially, this seems like simple math. However, the
“regular rate of pay” is a term of art under the FLSA. It includes
“all remuneration for employment” paid to an employee by
the employer, subject to eight specific exceptions, known as
the “statutory exceptions,” divided by the hours worked during the workweek in question for which such remuneration
was paid. The “statutory exceptions” are as follows:
Sums paid as gifts or payments in the nature of gifts at
holiday time or on other special occasions. The amounts
Risk and Compliance News—April 2019 Page 15
of which are not measured by or dependent upon hours
worked, production or efficiency;
Payments made for occasional periods when no work is performed due to vacation, holidays, illness, failure of the
employer to provide sufficient work or other similar
cause; reasonable payments for traveling expenses or
other expenses incurred by the employee in furtherance
of the employer’s interests for which the employee is
reimbursed; and other similar payments to an employee
which are not made as compensation for hours of
employment;
Payments made in recognition of services performed
provided the fact of the payment and amount of the
payment are at the sole discretion of the employer and
not pursuant to any prior contract, agreement or promise;
Contributions irrevocably made by an employer to a
trustee or third person pursuant to a bona fide plan for
providing old‐age, retirement, life, accident, or health
insurance and other similar benefits;
Extra compensation provided by a premium rate paid for
certain hours worked by the employee because such hours are in excess of eight (8) in a day or forty (40) in a
week or in excess of the employee’s normal working hours
or regular working hours as the case may be;
Extra compensation provided by a premium rate for
working on weekends, holidays, regular days of rest or the
sixth or seventh day of the workweek provided such
premium rate is not less than one and one‐half times the
rate established in good faith for like work performed in
non‐overtime hours on other days;
Extra compensation paid to an employee pursuant to an
applicable employment contract or collective bargaining
agreement for work outside of the hours established by
such contract or agreement provided such extra
compensation is paid at rate not less than one and one‐
half times the rate established in good faith for like work
performed during such work day or workweek; or
Any value or income derived from employer‐provided
grants or rights pursuant to a stock option, stock
appreciation right or bona fide employee stock purchase plan.
Since the regulations regarding the regular rate of pay were
last updated nearly 60 years ago, there have been a number of
perks and other rewards that employers provide to employees
and it is unclear whether such perks and rewards are included
or excluded from the regular rate of pay. For example, are the
cost of gym memberships, fitness classes, wellness programs,
management coaching, stress reduction programs, paid time
off and mandatory sick leave included or excluded from the
regular rate of pay? The DOL’s proposed rules try to address
these issues.
Specifically, the DOL intends to update federal regulations
concerning the regular rate of pay to reflect changes in the
modern workplace and to incentivize employers to provide
employees with more employee benefits without worrying
about their impact on the regular rate of pay—and ultimately
the calculation of overtime. In short, the DOL proposes
clarifications to confirm that employers may exclude from the
employee’s regular rate of pay the following:
The cost of providing wellness programs, onsite specialist
treatment, gym membership and fitness classes, and
employee discounts on retail goods and services;
Payments for unused paid leave, including paid sick leave
and paid time off or “PTO”;
Reimbursed expenses, even if not incurred “solely” for the
employer’s benefit;
Reimbursed travel expenses that do not exceed the
maximum travel reimbursement under the Federal Travel
Regulation System and that satisfy other regulatory
requirements;
Discretionary bonuses, by providing additional examples
and clarifying that the label given a bonus does not
determine whether it is discretionary;
Benefit plans, including accident, unemployment and legal
services; and
Tuition programs, such as reimbursement programs or repayment of educational debt.
The proposed rules also includes additional clarification about
other forms of compensation, including payment for meal
periods, “call back” pay, “show up” pay and other forms of
payment that may be required by state or local law or an
applicable contract or agreement.
Source: Fox Rothschild—April 5, 2019
...................................................................................................
Risk and Compliance News—April 2019 Page 16
Department of Labor Proposes NewDefinition to Joint Employment under FLSA
On April 1, 2019, the Wage and Hour Division of the Department
of Labor (“DOL”) proposed a new, clear‐cut test for determining
“joint employment” under the Fair Labor Standards Act
(“FLSA”). According to the DOL, the proposed changes are
designed to promote certainty for employers and employees,
reduce litigation, promote greater uniformity among court
decisions, and encourage innovation in the economy.
The proposed four‐part test considers whether the potential
joint employer actually exercises the power to:
1. Hire or fire the employee;
2. Supervise and control the employee's work schedules
or conditions of employment;
3. Determine the employee's rate and method of
payment; and
4. Maintain the employee's employment records.
This four‐part balancing test would replace antiquated FLSA
guidance that had vaguely suggested that two entities may be
joint employers if they are “not completely disassociated”
from each other. Over the years, this broad language had
evolved into contradictory tests applied in different federal courts that arrived at inconsistent conclusions as to the
existence of joint employer relationships. The new four‐part
balancing test is slated to eliminate any circuit splits over the
issue and, according to the DOL, is supposed to make joint
employer analysis: “simple, clear‐cut, and easy to apply.”
The four‐part balancing test was derived from a Ninth Circuit
case entitled Bonnette v. California Health & Welfare Agency,
704 F.2d 1465 (9th Cir. 1983) abrogated on other grounds,
Garcia v. San Antonio Metro. Transit Auth., 469 U.S. 528
(1985). However, the DOL has modified the test in Bonnette by
proposing that even if an entity has reserved contractual rights
to act with respect to an employee’s terms and conditions of
employment, that theoretical ability is irrelevant for purposes
of the joint employer analysis. This modification to Bonnette is
likely one of the reasons why the proposed new rule is
expected to provide greater protection to franchisors and
companies that use staffing agencies.
The DOL’s proposed rule also states that additional factors
could be applied to the joint employer analysis if it appeared
that a potential joint employer was exercising significant
control over employees or otherwise acting directly or
indirectly in the interest of the employer in relation to the
employee. However, the DOL made clear that the joint
employment test would not look to whether the worker is
economically dependent on the potential joint employer.
Economic dependence would no longer be relevant to the joint
employment analysis, but still would remain relevant to
whether a worker is an employee or independent contractor
of the employer.
The DOL’s proposed rule also explains that an entity’s business
model (such as a franchise model), certain business practices
(such as allowing an employer to operate a store on the
person’s premises, or participating in an association health or
retirement plan), and certain business agreements (such as
requiring an employer in a business contract to institute sexual
harassment policies), do not make joint employer status more
or less likely under the Act.
The Notice of Proposed Rulemaking (“NPRM”) will publish on
April 9, 2019 in the Federal Register, at which time interested
parties may submit comments on the proposal at
www.regulations.gov in the rulemaking docket RIN 1235‐AA26
by June 10, 2019. Only comments received during the comment
period will be considered part of the rulemaking record.
Source: Clark Hill PLC—April 11, 2019
...................................................................................................
Information Security & Privacy
Best Practices by the Department of Education's Privacy Technical Assistance Center for Data Destruction under FERPA (Updated Mar. 2019)
Best Practices Document by the Department of Education's
Privacy Technical Assistance Center for data destruction under
the Family Educational Rights and Privacy Act (FERPA). The
document provides a guide on properly destroying sensitive
student data after it is no longer needed by detailing the life
cycle of data, the legal requirements relating to the
destruction of data, and methods for properly destroying data. The document further provides examples of how to implement
best practices for data destruction within an organization.
Source: NACUA—April 1, 2019
...................................................................................................
Data Breach Exposes up to 1.3M Georgia Tech Faculty, Students
It sounds a bit ironic: a data breach potentially affecting 1.3
million current and former students, faculty and staff
members at Georgia Tech, the world renowned university with
lauded computer science programs.
But it happened.
The school disclosed the breach, its second in less than a year,
on Tuesday, saying it feared the exposed information
included names, addresses, social security numbers and birth
dates. Tech spokesman John Toon said officials at the
school, which typically has around 30,000 students enrolled,
learned in “late March” that a central database had been
accessed by an unknown outside entity.
Toon said Tech immediately corrected the application, but
personal information was likely exposed. “Georgia Tech’s
cybersecurity team is conducting a thorough forensic
investigation to determine precisely what information was
extracted from the system,” he said.
The school is working to identify the individuals whose data
was compromised and intends to contact them, Toon said. He
didn’t say by when victims could expect to be notified.
The breach is reminiscent, but far larger, than one last July when students were furious after the university mistakenly
emailed the personal information of nearly 8,000 College of
Computing students to other students.
The information leaked in 2018 included student identification
numbers, phone numbers, dates of birth, addresses, grade‐
point averages and nations of origins for those born in other
countries. Social security numbers weren’t included, Tech
officials said.
Nate Knauf, who’s studying computer science at Tech, told The
Atlanta Journal‐Constitution the latest breach was “incredibly disappointing.”
Risk and Compliance News—April 2019 Page 17
He added: “Given our high rankings in computer science, this
is simply inexcusable.”
Many questions remain unanswered in the breach,
including how and when the breach was discovered; who
committed it; where the 1.3 million estimate of affected
parties came from; and what, if any, law enforcement agency is investigating.
Toon said he couldn’t yet offer that information. He did say the
U.S. Department of Education and University System of
Georgia have been notified.
While it may seem strange for a school that teaches cybersecurity
to be hit twice in a year, schools like Tech aren’t uncommon
targets as data hacks become increasingly commonplace.
“Academic institutions aren’t exactly new targets — they are
actually big targets,” said Humayun Zafar, a professor in
information security at Kennesaw State University. “At the end
of the day the systems that are used across the board (for data
retention) are similar.”
Such breaches have happened at universities across the
U.S.: The University of Texas, Yale University, and in 2018,
federal authorities indicted nine Iranians for allegedly hacking
144 American universities.
Then there are the hacks of municipalities, including Atlanta,
banks, Equifax, big box retailers and even hospitals. Last year,
Augusta University Health officials said they feared sensitive
health and personal information of about 417,000 people may
have been compromised.
Each attack can be different, with different motives and levels of
success, and it’s too soon to say how the Tech hack played out.
But Zafar said he suspects what happened at Tech was a so‐
called “zero day” attack, which is where a hacker find and
pounces on a system vulnerability that the system’s owner
isn’t aware of. It’s something like what could happen if a
homeowner forgot leaving a spare key under the doormat. A
crook can come along, find it and get in the house.
What tends to happen after zero day attacks, Zafar said, is the
attacked victim recognizes the vulnerability and patches it so
the issue won’t happen again. The homeowner moves the key.
But the crook has already been inside, and the damage must
be assessed.
Risk and Compliance News—April 2019 Page 18
“We continue to investigate the extent of the data exposure
and will share more information as it becomes available,”
Mark Hoeting, the school’s vice president for information
technology, said in an email to students. “We apologize for the
potential impact on the individuals affected and our larger
community. We are reviewing our security practices and
protocols and will make every effort to ensure that this does
not happen again.”
Source: AJC—April 2, 2019
...................................................................................................
As Wearable Technology Booms, Sports and Athletic Organizations at All Levels Face Privacy Concerns
As wearable and analytics technology continues to explode,
professional sports leagues, such as the NFL, have aggressively
pushed into this field. (See Bloomberg). NFL teams insert tiny
chips into players shoulder pads to track different metrics of
their game. During the 2018‐2019 NFL season, data was
released that Ezekiel Elliot ran 21.27 miles per hour for a 44‐
yard run, his fastest of the season. The Dallas Cowboys are not
alone as all 32 teams throughout the league can access this
chip data which is collected via RFID tracking devices. Sports
statistics geeks don’t stand a chance as this technology will
track completion rates, double‐team percentages, catches
over expectation, and a myriad of other data points.
There are obvious questions and concerns about the use of this
technology, and not just at the professional level. Wearables
can be found at all levels of sports and athletic activities,
including at colleges and high schools. At the professional
level, the NFL is unique in that it allows teams to use the chip
data during contract negotiations. However, players do not
have full access to this information, unless specifically granted
by individual teams. This is important since there is much
debate over who truly owns this data. And, for a variety of
reasons, players and athletes want to know where their
information is stored, how it is stored, whether and how it
might be used and disclosed, who has access to it, and what
safeguards are in place to protect it. Major League Baseball
and the Players Association added Attachment 56 to the 2017‐
2021 Collective Bargaining Agreement to address some of
these concerns. But, again, these and other questions are not
unique to professional ball players.
With devices ranging from wearable monitors to clothing and
equipment with embedded sensors, professional teams,
colleges and universities, local school districts, and other
sports and athletic institutions, as well as the companies that
provide the wearables, can now collect massive amounts of
data such as an athlete’s heart rate, glucose level, breathing,
gait, strain, or fatigue. On the surface, this data may relate to
an athlete’s performance and overall wellness, which may be
somewhat apparent to onlookers without the aid of the
device. However, alone or aggregated, the data may reveal
more sensitive personal information relating to the athlete’s
identity, location, or health status, information that cannot be
obtained just by closely observing the individual. When
organizations collect, use, share, or store this data, it creates
certain privacy and security risks and numerous international,
federal, and state data protection laws may apply. Any sports
or athletic organization that develops a wearable device
program, or has reason to believe that these devices are being
used by coaches and others to collect similar data, should be mindful of these risks and regulatory issues.
Source: Jackson Lewis—April 5, 2019
...................................................................................................
Effectively Addressing Security Concerns on Campus
Over the past year, federal intelligence, security, and science agencies, as well as Members of Congress, have expressed
increasing concern regarding theft of intellectual property,
breaches in scientific integrity, targeted cyberattacks, the
participation of academic researchers in foreign talent
recruitment programs, and other forms of foreign interference
relating to research performed at U.S. universities. These
concerns have stemmed from countries including, but not
limited to, China, Russia, Iran, and North Korea.
We know public research universities believe it is imperative
to take these concerns seriously and to take proactive
measures on campus. To assist universities in responding to
these growing concerns, late last fall APLU and AAU conducted
a survey to collect examples of effective policies, practices,
tools, and resources that universities are using to ensure the
security of research and to address ongoing and emerging
foreign security threats. This week APLU and AAU shared some
key practices emerging from the survey, including: conducting
an inventory of current campus security‐related activities;
communicating with faculty about potential security threats
and providing reminders of federal and university disclosure
and export controls compliance requirements; and considering
implementation of additional campus policies and practices to
bolster security and mitigate risk.
Risk and Compliance News—April 2019 Page 19
In brief, suggested actions that universities are encouraged to
take if they haven’t done so already include:
Sharing broadly steps that are already being taken or are underway to ensure the security of the research
enterprise on campus;
Conveying to faculty the importance of fully and accurately
disclosing conflicts of interest and conflicts of commitment,
including foreign affiliations and positions, foreign financial
conflicts, and other financial support during grant
application, award, and implementation processes;
Creating high‐level, cross‐campus working groups and
task forces to bring together key faculty and staff
stakeholders and facilitate additional university
coordination; and
Bolstering activities in the areas of faculty and student
training; review of foreign gifts, grants, and contracts;
review of faculty foreign financial interests and
affiliations; intellectual property protection; interactions
with federal security and intelligence agencies; safeguards
and protections for foreign travel; international visitors to
campus; and export controls compliance.
Source: Association of Public & Land‐grant Universities—April
24, 2019
...................................................................................................
WSU Settles Lawsuit over 2017 Hard Drive Theft for $4.7 Million
Washington State University has settled a class‐action lawsuit
after a hard drive containing millions of people’s personal data
was stolen from a storage unit.
A safe containing the backup hard drive was taken from an off‐
site storage container in Olympia on April 21, 2017. The hard
drive belonged to the school’s Social and Economic Sciences
Research Center (SESRC).
The drive contained sensitive information of over 1.3 million
individuals who had participated in studies and evaluations
conducted by the SESRC from 1998 to 2013. The data included
names, Social Security numbers and personal health
information — much of which was not encrypted.
The victims, some of whom say their data was used for identity
theft crimes, filed the class‐action lawsuit, claiming they were
unaware their information was being stored and that the Pullman university was negligent in storing the hard drive in an
unsecured location.
WSU countered the plaintiffs’ argument, stating it is difficult to
tie the identity thefts to the WSU breach given the number of
recent data breaches across the country, reports Beckers
Hospital Review.
“While Washington State University disputes the claims made
in the suit, the university has concluded that continued
litigation would be even more expensive and time‐
consuming,” said WSU spokesman Phil Weiler.
Under the settlement, victims may be entitled to receive up to
$5,000 in cash reimbursements for any out‐of‐pocket
expenses incurred by the breach. Some victims claimed they
were forced to buy credit monitoring services to monitor
identity theft.
Victims will also be entitled to two years of free credit
monitoring and insurance services, administrative fee
payments, attorney fees and other breach‐related expenses,
according to Health IT Security.
Furthermore, the school agreed to destroy all archived
research data related to the project referred to in the suit and
any remaining research data will be moved to a secured
location. It will also implement new policies, procedures,
training and technology based on a risk assessment and audit.
WSU joins a growing list of schools and hospitals that have
either experienced data breaches or reached settlements.
In March, UCLA Health settled a class‐action lawsuit for $7.5
million after hackers gained access to personal information of
over 4.5 million patients in 2014. Also in March, Georgia Tech
experienced a data breach that exposed the information of 1.3
million current and former students, as well as applicants and
staff members.
In December 2018, hackers were able to steal over $800,000
from Cape Cod Community College after gaining access to the
school’s bank information.
Source: Campus Safety Magazine—April 26, 2019
Risk and Compliance News—April 2019 Page 20
...................................................................................................
Student Financial Aid
Low-Income Students Told Brown U. That Textbook Prices Limited Their Choices. Here’s What the University Is Doing About It.
At Brown University the open curriculum — which gives
students wide latitude in choosing courses — is a point of pride
because it allows them the freedom to explore their interests.
But some low‐income students have felt hemmed in. They
avoided courses that required expensive books and materials, or
took such courses and made do without them. And that wasn’t
the worst of it. “Some students,” said Richard M. Locke, the
university’s provost, “felt they were trading off books for food.”
In response, Brown started a pilot program this year to buy
required textbooks for some low‐income students. In the fall
the program will expand to cover all incoming freshmen whose
financial aid includes university scholarship funds, as well as
upperclassmen with a parent contribution of $0. Participating
students will simply gather their required materials at the
bookstore and pay with a swipe of their campus ID.
The books program is one of several moves Brown has made
in recent years to better support its low‐income students.
Those changes were sparked by student activism.
Across the country, colleges face growing pressure to take care
of students’ basic needs. The University of Kentucky is
providing additional support, including a dedicated staff
member, in the wake of a hunger strike. Students at Sarah
Lawrence College, in New York, recently released a long list of
demands. Texas’ Amarillo College, meanwhile, has attracted
national attention for its comprehensive approach to
supporting students.
Unlike those colleges, Brown is among the country’s
wealthiest. Colleges in its group have more economically
diverse enrollments than they once did, but they still enroll
small shares of low‐income students, compared with most
colleges. At Brown, 14 percent of students receive federal Pell
Grants, an imperfect but widely used marker of low‐income
status. That representation is similar to many peer institutions,
but quite low beyond them.
Elite colleges don’t educate huge numbers of low‐income
students, but they do provide significant financial aid to the
ones they enroll. In theory, students at Brown should be able
to pay for their books. The university meets students’ financial
need, and the aid formula includes books and supplies.
But the figure is an estimate, and even if it’s accurate, plenty
of students end up spending more. Even then, the idea that
students can pay for books out of their summer earnings — an
assumption that’s often baked into elite‐college financial aid
— might not work out in students’ real lives. They might not
be able to earn enough money. They might need to spend it on
something else.
“When we talk about how money works on campus, often we
think about financial aid, and it stops there,” said Anthony
Abraham Jack, an assistant professor at Harvard University’s
Graduate School of Education.
Jack’s research reveals the limits of that approach. A theme of
his recent book, The Privileged Poor: How Elite Colleges Are
Failing Disadvantaged Students, is that “access is not
inclusion,” he said. Low‐income students, Jack said, often feel
a disconnect between the effort an elite college made to
recruit them and the lack of support they face once they enroll.
“You almost feel lied to,” he said.
Between scholarship like Jack’s and student advocacy, that
disconnect is getting harder for colleges to ignore.
Structural Challenges
The recent changes at Brown have their roots in diversity and
inclusion demands that students made in 2015, a year that saw
similar activism at colleges around the country.
One of the university’s responses was to create a new position,
assistant dean of the college for financial advising.
Among other things, Vernicia Elie, who holds the position,
oversees an emergency grants program. Students’ requests,
which they submit online, are confidential, but they have
provided Elie with a detailed view of the financial frustrations
of Brown’s most vulnerable students.
Risk and Compliance News—April 2019 Page 21
In Elie’s first year, students submitted 745 applications for
emergency funding, many of which she was able to approve.
But there were others she couldn’t, due to federal regulations
that prevent colleges from providing students with more aid
than calculations determine they need.
The requests formed a “rich data set” revealing what students still needed, Elie said. They coalesced around two issues: books
and food.
Students’ stories, which Elie shared with other officials in a
2017 report, “helped us see what was happening structurally,”
she said. Brown’s growing share of low‐income students
meant that there was now a critical mass of them on the
campus. To Elie, their presence meant that Brown had to ask
itself: “Have we created some policies and systems that don’t
align with our values?”
Elite colleges enroll more low‐income and first‐generation
students than they used to. Many students embrace those
identities. As a result, the conversation on some campuses is
starting to shift from one that expects low‐income students to
assimilate to one that listens to them and uses their insights to
create a better educational environment for everyone.
Another result of 2015’s student activism was the creation of
Brown’s Undocumented, First‐Generation College and Low‐
Income Student Center. The students who worked there were
well aware that buying books continued to be a pain point for
low‐income students. They even started a lending library, a
task that involved lots of planning and organizing, not to
mention schlepping books across campus.
“It was so much hard work,” said Auriana Woods, a senior
majoring in public policy and Africana studies who used to
work at the center. “We were trying to do this thing on our
own.”
In the fall of 2017, two of Woods’s friends were in student
government. Along with a fourth student, they submitted a
proposal asking the university to cover the cost of books for
students on financial aid, and pointing to a similar program at
Williams College.
Students, Woods said, are on a different timeline than
administrators are. With only four years on a campus, they want
to make change happen quickly. Still, this year’s pilot program,
she said, “was an important start, a manageable start.”
Source: The Chronicle of Higher Education—April 11, 2019
...................................................................................................
What Should Colleges Tell AdmittedApplicants about Aid?
For years, many consumer advocates and education finance
experts have criticized the way some colleges tell admitted
applicants about the financial aid they will receive if they enroll.
Studies have found inconsistencies in how colleges describe
the same forms of aid and have criticized suggesting that loans
are the same as grants. Others have criticized colleges for not
distinguishing among various forms of loans. Given that many
students and their families may not understand the
significance of borrowing through a federal versus private loan
program, for example, critics say that less‐than‐clear aid letters make it difficult for students and families to make
informed decisions.
With students who have multiple admission offers for the fall
deciding where to enroll, the U.S. Education Department's
Office of Federal Student Aid last week issued guidance to
colleges on their aid explanations. The recommendations:
"Avoid calling your financial aid offer an 'award' and avoid calling it a 'letter.' Loans are not awards. Work‐study is not
an award, it is the potential for employment that offers
earnings to students. Using a term like 'financial aid offer'
or 'college financing' is clearer. Given that many
institutions deliver these offers via electronic
communication, calling them 'letter' can also be
confusing."
"Avoid issuing a financial aid offer that does not include
cost of attendance."
"Avoid listing the cost of attendance without breaking it
down into clear components. For students and families to
be able to plan how to cover costs, the provided cost of
attendance needs to be transparent about what is and is
not included. While basic needs like food and shelter are
critical, other key costs such as books, supplies, medical
insurance and transportation also need to be anticipated
as students and families determine if a school is a financial
fit for them."
"Avoid listing grant and/or scholarship aid, loans and work‐study together. Listing grant and/or scholarship aid,
loans and work‐study together can lead students and
families to confuse the terms and their specific
requirements. Listing them separately makes it clear what
is a loan (needs to be paid back), what is a grant or
scholarship (does not need to be repaid), and what
constitutes as work‐study (must be earned by securing a
job and working to receive it)."
"Avoid listing student loans without clarifying the source (federal, state, institutional or private)."
"Avoid listing Parent PLUS loans with student loans.
Parent PLUS loans are different than student loans and
involve higher risk."
"Avoid issuing a financial aid offer without net cost calculated. Net cost is the difference between the total
cost of attendance and all grant/scholarship aid received.
Not including net cost is confusing to students and families
and makes comparing financial aid offers very difficult, if
not impossible."
Megan Coval, vice president for policy and federal relations at
the National Association of Student Financial Aid
Administrators, said the guidance from the Education
Department was generally consistent with her organization's
views. NASFAA has a code of conduct that covers many of the
same issues.
The organization has endorsed efforts to promote greater
clarity among aid offers. However, Coval noted that the
organization has also opposed what it terms "rigid
standardization" through legislation that would mandate a
single aid notification method. Coval said that institutions have
different missions, different student bodies and different aid
resources, making it unrealistic to require that every aid
notification look exactly alike.
At the same time, Coval said that the association takes
seriously the need for colleges to be transparent with aid
offers. She said the association receives "a handful" of
complaints a year about colleges that are not providing
information to students compliant with the association code.
In these cases, she said, the association investigates and works
with colleges to improve the way they share information about
aid with admitted applicants. In every case, she said, the
colleges have made the changes requested.
"I don't think schools are coming from a place where they are
trying to mislead or be deceptive," she said.
Source: The Chronicle of Higher Education—April 22, 2019
...................................................................................................
Risk and Compliance News—April 2019 Page 22