Finding Text
Federal Program Information: Student Financial Assistance Cluster (Various ALN #’s)
Criteria or Specific Requirement (Including Statutory, Regulatory or Other Citation): Special Tests and Provisions – Gramm-Leach-Bliley Act -Student Information Security - The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Under an institution’s Program Participation Agreement with the Department of Education and the Gramm-Leach-Bliley Act, institutions must develop, implement, and maintain a comprehensive information security program to address the required minimum elements set forth in 16 CFR 314.4 (16 CFR 313(a)).
Condition: The College did not maintain a written information security program that addresses the minimum elements.
Cause: Lack of administrative oversight with respect to Gramm- Leach-Bliley Act requirements.
Effect or Potential Effect: The College was not in compliance with the requirements of the Gramm-Leach-Bliley Act.
Questioned Costs: None.
Context: The College did not maintain a written information security program that addresses the minimum elements.
Identification as a Repeat Finding: There was no similar finding identified during the prior year.
Recommendation: We recommend the College enhance its procedures with respect to compliance with the requirements of the Gramm-Leach-Bliley Act.
Views of Responsible Officials: