Finding Text
Finding: Special Tests and Provisions – Gramm-Leach-Bliley Act
Student Financial Assistance Cluster
Federal Supplemental Educational Opportunities Grants (FSEOG) (ALN 84.007)
Federal Work-Study Program (ALN 84.033)
Federal Perkins Loan Program (ALN 84.038)
Federal Pell Grant Program (ALN 84.063)
Federal Direct Student Loans (ALN 84.268)
Federal TEACH Grant (ALN 84.379)
U.S. Department of Education – Award Number: None provided, Award Year 2023-2024
Criteria: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED.
Condition: The University does not have certain elements of the required written policies in place to comply with GLBA rules for higher education institutions.
Questioned Costs: N/A
Context: During testing of Gramm-Leach-Bliley Act and inquiry with management, it was determined that the University does not have a written comprehensive information security program in place that meets all requirements.
Effect: The University could mishandle sensitive data.
Cause: Implementation of this compliance requirement requires significant coordination and planning from multiple departments across the University. While some correspondence was received from authoritative sources, the University was anticipating further guidance on implementation, which never materialized.
Identification as a repeat finding: 2023-001
Recommendation: We recommend Dordt University perform an information security assessment and prepare a written information security program that is in compliance with GLBA.
Views of responsible officials and planned corrective actions: The University agrees. See separate auditee documentation for planned corrective action.