The Gramm-Leach-Bliley Act (GLBA) is a federal law that applies to all entities that collect consumer financial data, including institutions of higher education. This law, specifically the Safeguards Rule, applies to how organizations collect, store, and use student financial records that contain personally identifiable information (PII). Examples of student data that need to be protected under the GLBA include information provided on the Free Application for Federal Student Aid (FAFSA) form, student application information, and student information shared with loan servicers. Higher education institutions have been required to comply with the provisions of the GLBA since 2003, but the Department of Education (DoED) didn’t actually enforce them until recently.
In July 2016, the DoED issued a “Dear Colleague” letter (GEN-16-12) reminding institutions of their legal obligations to comply with the GLBA and protect student information: https://ifap.ed.gov/dpcletters/attachments/GEN1612.pdf.
Following the issuance of that letter, the U.S. Office of Management and Budget’s 2019 Compliance Supplement included compliance requirements related to the GLBA and student information security. As a result, higher education institutions’ compliance with the GLBA was required to be tested as part of each institution’s single audit.
So, what does your institution need to do to ensure compliance with the GLBA for future Single Audits? The Compliance Supplement requires institutions to complete the following steps:
The DoED has made it clear that data security and student privacy are critical issues. It’s unclear what the repercussions will be for repeat findings, but failure to comply with the provisions of the GLBA could result in restriction or loss of eligibility for certain federal funding.
If you’d like further information on how to comply with the GLBA, please refer to page 5-3-52 of the revised August 2019 Compliance Supplement:
In addition, please visit the Department of Education’s cybersecurity compliance page for further information on how to protect your data: