©2009 Rodney J. Petersen. The text of this article is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License (http://creativecommons.org/licenses/by-nc-nd/3.0/ ).

EDUCAUSE Review, vol. 44, no. 1 (January/February 2009): 74–75

The Policy Process Life Cycle

Rodney J. Petersen.

As IT leaders in U.S. higher education seek to understand public policy issues, and as they consider their role in policy analysis and advocacy, it is critical that they understand the policy process life cycle. Typically, this life cycle involves five stages: (1) discussion and debate; (2) political action; (3) legislative proposal; (4) law and regulation; and (5) compliance.

1. Discussion and Debate

The exploration of policy issues is often triggered by events: for example, natural disasters or tragic campus incidents such as the shootings at Virginia Tech. In addition, policy discussions are sometimes generated by concerns: for example, the need to protect personal data to maintain an individual's privacy or to prevent identity theft. In still other cases, policy debates are influenced by special interests: for example, the entertainment industry's persistence in leveraging congressional attention to curb illegal peer-to-peer file sharing on campus. Whatever the source, policy issues at this stage demand careful study to determine the best outcome for higher education.

EDUCAUSE's positions on national broadband policy and network neutrality are good examples of policy issues that have hovered around this first stage longer than most others. There continues to be considerable discussion and debate about the best course for the government to pursue in an effort to stimulate broadband deployment. Similarly, the network neutrality debate has evolved into a discussion about appropriate network management, since there are concerns that service providers may discriminate against network content by giving priority to certain services.

The EDUCAUSE Washington Office is a key resource for working with Congress, the executive branch, think tanks, trade groups, and other higher education associations to educate policymakers and to influence policy direction at this initial stage. Additionally, campus presidents, federal relations representatives, and academic experts all are active in shaping policy discussion and debate.

2. Political Action

In the second stage of the policy process life cycle, political actors sometimes use their position of influence to force action or change. This can take the form of a public statement or a letter from a political leader urging someone to do–or refrain from doing–something. It could also include the promise of an investigation, sometimes accomplished through informal meetings, roundtables, or other exploratory activities. Or it could result in the initiation of a formal investigation, conducted either by a law enforcement entity if criminal wrongdoing is suspected or through a public hearing. And of course, some issues become part of a political candidate's campaign platform, which can be used to draw more public attention to the topic or to win votes.

For example, soon after the announcement of the National Strategy to Secure Cyberspace in February 2003 (http://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf), there was immediate criticism that the Strategy did not go far enough in mandating change in how the private sector secured its networks or how technology companies developed their products. In response to the potential for legislation that would create new cybersecurity requirements for businesses and nonprofit organizations, the private sector rallied to persuade Congress to postpone a legislative proposal in favor of voluntary actions on the part of affected industries. Thus, the U.S. House of Representatives formed the Corporate Information Security Working Group, which, among other actions, developed a set of "Best Practices and Metrics."¹

Higher education representatives need to become more active at this second stage in order to persuade policymakers to act–or not to act, in some cases–in the best interests of the academic community. Higher education associations working with campus federal relations representatives and campus presidents can be especially influential at the political action stage.

3. Legislative Proposal

An impasse at the political action stage may force Congress to craft a legislative response. Congressional action can range from bills to resolutions to requests for studies conducted by the Congressional Research Service. Issues also get referred to a congressional committee structure that is heavily influenced by politics, seniority, and the legislative priorities of the majority party.² Some issues can get caught in the process of legislative churn and never move beyond this stage. For example, Congress has been unable to establish a national security breach notification law even though those in the higher education community generally agree that a uniform approach would be more desirable than interpreting and applying the more than forty different state laws with varying standards. On the other hand, some issues move quickly through the legislative process (e.g., the USA PATRIOT Act)–sometimes too quickly for much public debate.

EDUCAUSE staff actively monitor hearings and also work with congressional staff or committee staff to help shape the language of legislation that might affect the use of IT in higher education. Advocacy is increasingly critical at this stage because of the need to influence the outcome of a particular piece of legislation that could result in new requirements or lead to funding opportunities. College and university representatives are often called to testify in committee hearings or to serve as experts in the development of legislation. Campus legal counsel also tends to take notice at this stage, generally loathing the prospects of any further "unfunded government mandates."

4. Law and Regulation

A bill becomes law after it has been approved by both bodies of Congress and signed by the president. The effective date generally dictates how quickly institutions must move to implement the law. In some cases, the law directs a specific government agency to devise regulations on how the law will be implemented.

For example, the provisions of the Higher Education Opportunity Act of 2008 related to peer-to-peer file sharing, emergency notifications, and other issues of concern to IT organizations will be implemented through new regulations to be promulgated by the U.S. Department of Education. The Department has elected to pursue a process of "negotiated rulemaking" in collaboration with representatives of the parties who will be significantly affected by the regulations. This will be done through a series of meetings, facilitated by a neutral third party; during the meetings, these representatives, referred to as "negotiators," will work with the Department to come to consensus on the proposed regulations.³

Not surprisingly, the law and regulation stage can be critical because it is here that many of the implementation details will emerge. For this reason, many policy organizations separate the function of "congressional affairs" from "regulatory affairs," recognizing the different types of skills and expertise required and the need to influence an entirely new set of government actors. The role of campus federal relations officers becomes less critical at this stage, and campus legal counsel, compliance officials, and policy administrators will become more engaged because of the potential for legal liability and for influence of regulatory outcomes. A new law may also affect campus public safety organizations and other law enforcement entities.

5. Compliance

Once a law is in effect and the regulatory details have been finalized, institutions must comply or else address legal risks. At this stage, the process of developing institutional policies becomes particularly important, especially if a new policy is required in a relatively short time period. Compliance with a new law or regulation may require risk assessments, the establishment of new programs or services, the implementation of institutional policies, or other measures designed to correct a problem that the law is attempting to address.⁴

The EDUCAUSE/Cornell Institute for Computer Policy and Law (ICPL, http://www.educause.edu/icpl) is a key resource for learning more about the intersection between legal issues and institutional policies. The annual institute provides an educational setting to explore topical issues with experts and peers and to surface best practices for IT policy development. Additionally, the Association of College and University Policy Administrators (ACUPA, http://www.acupa.org) is a national network of campus policy administrators who regularly exchange ideas and best practices regarding both the policy process and a broad range of campus policy issues.

Conclusion

The use of the word policy can easily lead to differing reactions, results, and courses of action depending on the particular stage of the policy process life cycle. Policy analysis and advocacy is an increasingly important activity for all four of the EDUCAUSE focus areas. The growing importance of policy issues will require that IT staff become better informed about these issues and that they also become engaged at the appropriate time. Although the EDUCAUSE Washington Office remains a primary resource to influence IT policy on behalf of colleges and universities, the participation of a range of community members–at the right stages in the policy process life cycle–is essential to upholding the interests of all of us in higher education.

1. See Corporate Information Security Working Group, "Report of the Best Practices and Metrics Teams," November 17, 2004, <http://www.cisecurity.org/Documents/BPMetricsTeamReportFinal111704Rev11005.pdf>.
2. For a more detailed understanding of this process, see Charles W. Johnson, How Our Laws Are Made (Washington, D.C.: Government Printing Office, 2003), <http://www.senate.gov/reference/resources/pdf/howourlawsaremade.pdf>.
3. For more information on the process of negotiated rulemaking, see the FAQs on the U.S. Department of Education website: <http://www.ed.gov/policy/highered/reg/hearulemaking/hea08/neg-reg-faq.html>.
4. The implementation of institutional policies can include all of the following: policy statements, procedures, rules, guidelines, standards, and checklists. See Mark Bruhn and Rodney Petersen, "A Primer on Policy Development for Institutions of Higher Education," 2003, <http://www.educause.edu/ir/library/pdf/SEC0501.pdf>.