
Case History: GLBA Compliance for Higher Education Institution

Wilson Consulting Group assisted a private research university that needed to create a GLBA program to ensure compliance and protect the confidentiality and security of “nonpublic personal information” (NPI).


Scenario

Title IV schools are financial institutions under the Gramm-Leach-Bliley Act (GLBA, 2002). Under the FSA PPA and SAIG agreements, these schools must have GLBA safeguards in place. Otherwise, they may be found administratively incapable (unable to properly administer Title IV funds).

A private research university needed to create its GLBA program to ensure compliance and protect the confidentiality and security of “nonpublic personal information” (NPI).

Title IV School: An institution that processes U.S. federal student aid

NPI: any “personally identifiable financial information” that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise “publicly available”

WCG Strategies

WCG was contracted to develop a GLBA compliance program that would help the university implement the correct policies, processes, standards, techniques, and technologies to securely collect, handle, and transmit NPI.

WCG developed and implemented a tailored GLBA compliance program. The program consisted of:

  • Compliance Program plan
  • Data maps of all processes that transmit, process, and store PII
  • Policies, processes, and standards
  • Awareness, training, and education plan
  • Service providers agreement and process evaluation

The Outcome

WCG helped the university determine its level of compliance with the GLBA and designed systems, processes, and procedures to achieve compliance. WCG created a comprehensive GLBA program, which university management validated. The new program ensured compliance with GLBA and thereby improved the university's security posture.