Your Institution Received a Gramm-Leach-Bliley Act Finding in 2019 – Now What?

Audit, Higher Education
by Michael Withrow
share with a colleague Download PDF

The Gramm-Leach-Bliley Act (GLBA) is a federal ruling that applies to all entities that collect consumer financial data, including institutions of higher education. This law, specifically the Safeguards Rule, applies to how organizations collect, store, and use student financial records that contain personally identifiable information (PII).  Examples of student data that need to be protected under the GLBA include information provided on the Free Application for Federal Student Aid (FAFSA) form, student application information, and student information shared with loan servicers.   Higher education institutions have been required to comply with the provisions of the GLBA since 2003, but the Department of Education (DoED) didn’t actually enforce them until recently.

In July 2016, the DoED issued a “Dear Colleague” letter (GEN-16-12) reminding institutions of their legal obligations to comply with the GLBA and protect student information:  https://ifap.ed.gov/dpcletters/attachments/GEN1612.pdf.

Following the issuance of that letter, the U.S. Office of Management and Budget’s 2019 Compliance Supplement included compliance requirements related to the GLBA and student information security.  As a result, higher education institutions’ compliance with the GLBA was required to be tested as part of each institution’s single audit. 

So, what does your institution need to do to ensure compliance with the GLBA for future Single Audits?  The Compliance Supplement requires institutions to complete the following steps:

  • Designate an individual to coordinate the information security program
  • Perform a risk assessment that addresses the following areas:
    • Employee training and management
    • Information systems, including network and software design, as well as information processing, storage, transmission and disposal
    • Detecting, preventing and responding to attacks, intrusions, or other systems failures
  • Document safeguards for identified risks

The DoED has made it clear that data security and student privacy are critical issues.  It’s unclear what the repercussions will be for repeat findings, but failure to comply with the provisions of the GLBA could result in restriction or loss of eligibility for certain federal funding. 

If you’d like further information on how to comply with the GLBA, please refer to page 5-3-52 of the revised August 2019 Compliance Supplement:

https://www.whitehouse.gov/wp-content/uploads/2019/09/2-CFR_Part-200_Appendix-XI_Compliance-Supplement_August-2019_FINAL_v2_09.19.19.pdf

In addition, please visit the Department of Education’s cybersecurity compliance page for further information on how to protect your data:

https://ifap.ed.gov/eannouncements/Cyber.html

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Higher Education BY Patrick Kerns
Preparing for Financial Responsibility Rule Changes
read more >
Higher Education BY Hayley Planitzer
Managing University Costs: Strategies for Examining and Identifying Savings Opportunities
read more >
Government, Higher Education BY Sarah Schauble
Pell Grant Program Facing Shortfall
read more >
Audit BY Erin Puko-Wilking
2024 Audit Plan Hot Spots
read more >
Higher Education BY Brendan Leech
2024 Policy Shifts: Essential Updates Every College Should Know
read more >
Audit, Emerging Technology BY Kevin Davis
Cap Table Basics for Startup Companies
read more >
Register to receive our weekly newsletter with our most recent columns and insights.
subscribe for updates
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh
Columbus
Metropolitan Washington
Image of Prime Global Logo
follow us client portal

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×
Accept