
West Virginia Statewide Technology Conference

Date

July 19 - July 21, 2023

Presenters

Cynthia R. Boehmer, JD, CIPM

Manager

Ron Hamilton 

Chief Information Officer

Pierpont Community and Technical College

 

Description

Location: Morgantown, West Virginia

Cynthia and Ron will be speaking on the topic of Financial Privacy - The Impact of Gramm-Leach-Bliley (GLBA) on Higher Education.

In 2018, in response to the increase in cyberattacks and data breaches, the Federal Trade Commission determined that institutions of higher learning that receive financial aid are covered financial institutions under the Gramm-Leach-Bliley Act (GLBA). Many institutions are unaware of this change until asked by an auditor or examiner and do not have the resources or a plan to comply. Compliance with GLBA is much more than just having a strong IT program, though it is typically carried out by the IT/IS department. It requires working with Financial Aid to comply with certain provisions of the regulation.

This presentation will begin with an overview of the GLBA Safeguards Rule – what it is, the latest updates and the components of a reasonable security program. These components include designating a qualified individual to implement and supervise the institution’s Information Security program, conducting a risk assessment, designing and implementing safeguards to control the risks identified in the risk assessment, ongoing monitoring and testing of the effectiveness of the safeguards, training, creating an incident management program and developing a strong vendor management program. A key partner in the development of this program is the Financial Aid Office.

Ron Hamilton will talk about his experience with proactively expanding the IT program set up at his university to comply with the GLBA Safeguards Rule and his experience with auditors/examiners when it came to review of the program. Cynthia Boehmer will talk about how she assisted Ron and his group with the implementation of a risk assessment program and best practices in building a GLBA/privacy program, drawing on her experience with financial institutions and other organizations that collect NPPI.

What the attendees will take away from this presentation:

  • How the GLBA Safeguards Rule applies to your institution
  • Best practices to work together with Financial Aid to comply with regulatory requirements
  • Learn from a CIO at a peer institution on how they expanded their IT program to comply with GLBA