Featured in the New Jersey Law Journal, Steven Teppler, Chair of the Firm’s Cybersecurity & Data Privacy Practice Group, and Carly Rothstein, Associate in the group, examine the broader legal and regulatory implications stemming from the recent Instructure/Canvas cybersecurity incident.
Their article explores why educational institutions may face independent exposure beyond the vendor breach itself, including potential obligations related to FERPA, state breach notification laws, cyber insurance, third-party risk management, data retention practices, and institutional governance.
As learning management systems continue evolving into long-term repositories of sensitive educational, medical, financial, and personal information, the article highlights the growing importance of cybersecurity governance and oversight within educational institutions.
Read the full article here: The Instructure Breach May Create Independent Institutional Exposure Beyond the Vendor Incident | Law.com