Finding Text
Criteria or specific requirement: The Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data (16 CFR 314). The Federal Trade Commission considers Title IV-eligible institutions that participate in Title IV Educational Assistance Programs as “financial institutions” and subject to the Gramm-Leach-Bliley Act because they appear to be significantly engaged in wiring funds to consumers (16 CFR 313.3(k)(2)(vi)). Institutions agree to comply with GLBA in their Program Participation Agreement with ED. Institutions must protect student financial aid information, with particular attention to information provided to institutions by ED or otherwise obtained in support of the administration of the Federal student financial aid programs (16 CFR 314.3; HEA 483(a)(3)(E) and HEA 485B(d)(2)). ED provides additional information about cybersecurity requirements at https://studentprivacy.ed.gov/security. ED also issued an Electronic Announcement on GLBA compliance that can be found at https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2023-02-09/updates-gramm-leach-bliley-act-cybersecurity-requirements
Condition: We identified that the College fails to meet some of the compliance requirements outlined in the GLBA Safeguards Rule.
Questioned costs: None
Context: During our testing, we noted the College did not meet one of the required elements outlined in the GLBA Safeguards Rule.
Cause: The College did not have procedures in place to meet the requirements outlined in the GLBA Safeguards Rule.
Effect: The College is not in compliance with the GLBA Safeguards Rule.
Repeat Finding: No
Recommendation: We recommend the College implement policies and procedures that meet all requirements outlined in the GLBA Safeguards Rule.
Views of responsible officials: There is no disagreement with the audit finding.