
GLBA Safeguards Rule Compliance Checklist for Higher Education

May 8, 2023


The Gramm-Leach-Bliley Act (GLBA), enacted in 1999, is designed to protect the privacy of consumers’ financial information and to ensure the security of that information. The GLBA applies to a wide range of institutions, including banks, credit unions, securities firms, and insurance companies.

Colleges and universities that administer student financial aid associated with Title IV programs have had to comply with the Safeguards Rule of the Gramm-Leach-Bliley Act since May 2003. Institutions of higher education are also subject to the GLBA, to the extent that they collect, use, or disclose personally identifiable financial information about their students. This information can include things like students’ names, addresses, Social Security numbers, and financial account numbers. 

The Safeguards Rule of the Gramm-Leach-Bliley Act contains new requirements that go into effect June 9, 2023. The original six security control requirements of the Safeguards Rule have been rephrased for clarity and expanded. Higher education institutions must ensure compliance to avoid penalties or removal from the Department of Education’s information systems.

We’ve created a checklist below to help these institutions navigate and prepare for the new requirements! 

GLBA Compliance Checklist

1. Review and update your institution’s information security program to comply with the new requirements.

2. Assess and identify potential risks to the security, confidentiality, and integrity of student data.

3. Develop and implement measures to control and mitigate identified risks.

4. Train employees on GLBA requirements and the institution’s information security program.

5. Monitor and test the effectiveness of the security measures and make necessary adjustments.

6. Ensure that service providers, such as vendors and contractors, are also in compliance with GLBA requirements.

7. Review and update your institution’s privacy notice to include information on how student data is protected.

8. Establish and maintain procedures to detect, respond to, and recover from security incidents.

9. Designate one or more employees to coordinate the information security program.

10. Conduct regular risk assessments and update the information security program as needed to address new risks or threats.

Ensuring Gramm-Leach-Bliley Act compliance can be a complex and time-consuming process. Our team of consultants specializes in GLBA compliance for higher education institutions and can provide you with tailored solutions to meet your specific needs. This can include regular assessments, training, and updates to policies and procedures as needed. Clark Schaefer Consulting can assist you in understanding and implementing the new requirements now, so you will be fully prepared when the requirements take effect.

All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a Clark Schaefer Hackett professional. Clark Schaefer Hackett will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.

