Lapses in Cybersecurity Could Impact Title IV Eligibility for Higher Ed.

The Department of Education has made it clear that Title IV schools must comply with certain cybersecurity regulations, including those found in the Gramm-Leach-Bliley Act (GLBA). At a minimum, Title IV schools must understand the requirements of the new law and ensure compliance with those requirements. GLBA requires Title IV schools to take specific actions in order to protect a student’s personal information held by the institution. Schools must develop their own cybersecurity programs that include the following:

  1. Ability to assess the personal information collected, stored, accessed, used, and transmitted by the school.
  2. Appointed employee or group of employees to manage the school’s cybersecurity program.
  3. The implementation of physical and technical safeguards for all personal data.
  4. Written policies and procedures governing the handling, management and transmission of the school’s personal information.
  5. The ability to audit the school’s technical, physical, and procedural protections to make sure that they are performing as expected and making adjustments to any protections not performing as expected.
  6. Ensurance that vendors, contractors, consultants and other service providers having access to sensitive information are subject to and bound by the cybersecurity policy.

To hear more on how cybersecurity threats pose challenges for schools we invite you to register here for a webinar conducted by DiamonD MSS on January 18, 2018 – 12:00 PM – 12:45 CST.