The Gramm-Leach-Bliley Act (GLBA) requires colleges and universities to protect the personal data of parents and students participating in the Federal Student Aid (FSA) program. While some private colleges and universities may not participate in this program, many do. With an increase in the frequency and severity of cyberattacks, the Department of Education has stepped up its enforcement of various aspects of the Act. Make sure your college is following the rules to avoid losing access to the FSA program.
Colleges and universities that participate in the federal student aid program under Title IV must comply with the Gramm-Leach-Bliley Act. The Act requires educational institutions to safeguard the privacy and security of parent and student information. It is important for colleges to develop and maintain strong data security policies and internal controls to protect against unauthorized access or disclosure of private information. Colleges must carefully follow the Act, which requires institutions to: [1]
The Department of Education advises that at a minimum, colleges and universities should evaluate and document their current security practices and compare them against the requirements in GLBA. For more information about the cybersecurity requirements of GLBA, read the article Gramm-Leach-Bliley Act and Cybersecurity – What Colleges Need to Know, found in the Brotherhood Mutual Safety Library.
To further enhance the safety and security of protected information, the Department of Education enforces the legal requirements of the Act by requiring compliance audits. By incorporating the GLBA security controls into the Annual Audit Guide, the Department of Education can now assess and confirm compliance. This means that colleges and universities will want to pay careful attention to the audit requirements found within the Act. The Department of Education has announced that auditors must evaluate three information safeguard requirements found in 16 C.F.R. Part 314 for both the institution and any third-party provider. The requirements are: [2]
When an auditor determines that an institution or servicer has failed to comply with any of these GLBA requirements, the finding will be included in the institution’s audit report.
Failing to comply with the cybersecurity requirements found in the Gramm-Leach-Bliley Act can cost your college or university time, money, and reputation. Potential penalties for not adequately complying with the requirements include temporary or permanent suspension of access to the Department’s information systems, fines, or loss of access to FSA funds.
Regardless of how stringent your cybersecurity is, the fact remains that colleges and universities are a top target of data thieves. With an average cost of $3.9 million [3], a cyber breach can cost time and pull resources away from your core goals.
Brotherhood Mutual Insurance Company offers cyber liability coverages to help protect educational institutions against property damage, financial damage, or emotional injury claims resulting from your activities related to computer use and electronic data.
This coverage helps pay for the cost to send required notifications after a breach, the fees associated with credit monitoring services, or the fees paid to a public relations firm to protect your reputation. It also offers special defense coverage for responding to subpoenas, regulatory actions, or non-compensatory lawsuits related to computer use or electronic data.
Published December 28, 2020.
2024 Brotherhood Mutual