The Gramm-Leach-Bliley Act (GLBA) , enacted in 1999, is designed to protect the privacy of consumers’ financial information and to ensure the security of that information. The GLBA applies to a wide range of institutions, including banks, credit unions, securities firms, and insurance companies.
Colleges and universities that administer student financial aid associated with Title IV programs have had to comply with the Safeguards Rule of the Gramm-Leach-Bliley Act since May 2003. Institutions of higher education are also subject to the GLBA, to the extent that they collect, use, or disclose personally identifiable financial information about their students. This information can include things like students’ names, addresses, Social Security numbers, and financial account numbers.
The Safeguards Rule of the Gramm-Leach-Bliley Act contains new requirements that go into effect June 9, 2023. The original six security control requirements of the Safeguards Rule have been rephrased for clarity and expanded. Higher Education institutions must ensure compliance to avoid penalties or removal from the Department of Education’s information systems.
We’ve created a checklist below to help these institutions navigate and prepare for the new requirements!
GLBA Compliance Checklist
1. Review and update your institution’s information security program to comply with the new requirements.
2. Assess and identify potential risks to the security, confidentiality, and integrity of student data.
3. Develop and implement measures to control and mitigate identified risks.
4. Train employees on GLBA requirements and the institution’s information security program.
5. Monitor and test the effectiveness of the security measures and make necessary adjustments.
6. Ensure that service providers, such as vendors and contractors, are also in compliance with GLBA requirements.
7. Review and update your institution’s privacy notice to include information on how student data is protected.
8. Establish and maintain procedures to detect, respond to, and recover from security incidents.
9. Designate one or more employees to coordinate the information security program.
10. Conduct regular risk assessments and update the information security program as needed to address new risks or threats.
Ensuring Gramm-Leach-Bliley Act compliance can be a complex and time-consuming process. Our team of consultants specialize in GLBA compliance for higher education institutions and can provide you with tailored solutions to meet your specific needs. This can include regular assessments, training, and updates to policies and procedures as needed. Clark Schaefer Consulting can assist you in understanding and implementing the new requirements now, so you will be fully prepared when the requirements take effect.
