When Campus Security Laws Meet Cybersecurity: The Digital Impact of the Jeanne Clery Act
Digital transformation has made the physical security requirements of the Clery Act a cybersecurity compliance issue.
Last December, two students died and nine were injured in a shooting at Brown University. And on March 12, an active shooter killed an ROTC instructor in Old Dominion. Tragically, such disturbing news appears to be becoming normalized on college campuses. Federal authorities have opened an investigation into Brown and are examining how the incident occurred and whether the campus violated the Clery Act. Campus security must continually re-evaluate whether their security arrangements are truly prepared for emergencies.
It is not that there is no regulatory framework to ensure campus safety and incident transparency. The Jeanne Clery Disclosure of Campus Security Policy and Campus Statistics Act is one of them. A 1986 tragedy was the driving force behind the Clery Act. The subsequent investigation revealed that there had been unspecified violent incidents on campus in the past.
Anatomy of the Clery Framework
The need for transparency and communication around campus security defines the Clery Act compliance obligations. Institutions that receive federal financial support must prepare an annual safety report (ASR) and submit it by October 1st. They must carefully record crime on campus and include crime statistics over a three-year period. The ASR must cover campus safety policies. Thorough documentation of criminal incidents in a crime report and reporting them to campus security are mandatory.
Failure to comply can result in fines of up to $70,000 per violation and possible loss of federal funding – consequences no campus can afford.
It should never be “business as external” for an institution to regularly subject itself to persistent threats against its students, faculty, and staff. A timely warning must be sent to the campus community. For any impending danger, such as an active shooter, arrangements must be made to quickly send an emergency notification to alert students and teachers.
When the Clery Act was introduced, there were no cell phones. Digital transformation is changing the game.
The Clery Act’s Relevance to Cybersecurity
The Clery Act is not primarily about combating cybercrime; an institution’s ability to meet the obligations of the law also depends on its digital infrastructure. Whether it’s the ability to report crimes, emergency notification systems, or creating an incident database with a historical record of incidents, information flows through connected software systems. The ASR is also created using centralized digital records.
Let’s dive a little deeper into the intersection between campus security compliance and cybersecurity.
Emergency notifications are among the most time-sensitive obligations under the Clery Act. In the past, these were communicated through sirens or physical announcements. Today, such notifications are sent through mass notification platforms that can deliver alerts via SMS, email, campus mobile applications, and digital signage systems. Disruption or compromise of these systems means that alerts may reach the campus community late or not at all, or worse, attackers may send false messages, undermining response efforts and potentially leading to avoidable tragedies.
For more information, visit the source here.
“`
