Third-Party Servicers – New Guidance from the Department of Education

Cooley Alert
January 23, 2015

The Department of Education ("ED") issued a Dear Colleague Letter ("DCL") on January 9th providing guidance on which entities should be classified as third-party servicers for purposes of the Title IV rules.

The DCL details the existing third-party servicer requirements relating to institutional reporting, contract provisions, FERPA regulations, FTC rules on information security, and third-party servicer compliance audits. Of particular note, the DCL clarifies that entities providing computer services or software are third-party servicers if they maintain any "student-level information" related to the administration of Title IV. The DCL further advises that entities that host secure portals for the transmission or electronic storage of and access to Title IV records are considered third-party servicers.

Read the full text of the DCL.

In December 2014, ED issued a Federal Register notice seeking comments on the process used to report and audit third-party servicers (comments were due January 7th). Read our detailed analysis of that notice.

As noted in our prior alert, to avoid potential liability and reporting requirements, institutions should use extra care in determining whether the service companies they partner with must be reported as third-party servicers for Title IV purposes. In particular, we recommend that entities that do not intend to act as third-party servicers expressly disclaim such a role in any written contract with a Title IV institution and include language to prevent the institution from erroneously reporting the entity to ED as a third-party servicer.

If you have any questions about this notice or other questions related to third-party servicers, please do not hesitate to contact Cooley's Higher Education practice group.

  1. While the DCL language is somewhat unclear on this point, we have confirmed through guidance by ED that the DCL is not intended to extend the third party servicer obligations to entities that are not administering aspects of Title IV. Note, however, that FERPA obligations do extend to such entities to the extent they have access to student data.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.