Presentation is loading. Please wait.

Presentation is loading. Please wait.

2005 MASFAA CONFERENCE CHARLESTON, WEST VIRGINIA Ginny D’Angelo Vice President of Student Loans Commerce Bank Diane Lambart Fleming Associate Director.

Published byBarbara Montgomery Modified over 9 years ago

Similar presentations

Presentation on theme: "2005 MASFAA CONFERENCE CHARLESTON, WEST VIRGINIA Ginny D’Angelo Vice President of Student Loans Commerce Bank Diane Lambart Fleming Associate Director."— Presentation transcript:

1 2005 MASFAA CONFERENCE CHARLESTON, WEST VIRGINIA Ginny D’Angelo Vice President of Student Loans Commerce Bank Diane Lambart Fleming Associate Director – Client Services Central Michigan University

2 GRAMM-LEACH-BLILEY GLB ACT Financial Modernization Act of 1999

3 Gramm-Leach-Bliley Act GLB is a federal law, which includes provisions in requiring financial institutions to take steps ensuring the security and confidentiality of a consumers/customers personal information. In 2003, the Federal Trade Commission (FTC) confirmed that higher education institutions are considered financial institutions under this law.

4 Gramm-Leach-Bliley Act  Colleges and universities must be in compliance with provisions of the GLB Act that relate to the Safeguards Rule.  Colleges and universities that already comply with FERPA will be deemed to be in compliance with FTC privacy rules under the GLB Act.

5 Gramm-Leach-Bliley Act The law requires that institutions must protect information collected about individuals:  Names  Addresses and phone numbers  Bank and credit card accounts  Social Security numbers  Income and credit histories

6 Gramm-Leach-Bliley Act According to the Safeguards Rule, financial institutions must develop a written information security plan that describes their program to protect customer information. Privacy notices explaining an institution’s information-sharing practices must also be provided to each customer.

7 Gramm-Leach-Bliley Act Experts suggest that three areas of operation present special challenges and risks to information security:  Employee training and management  Information systems (network and software),storage,transmissions and retrievals  Security management, including prevention, detection and response to attacks, intrusions or other system failures

8 Gramm-Leach-Bliley Act Quick Tips for Safeguarding information:  Identify what is considered sensitive information  Protect all sensitive information from unauthorized access or use  Put safeguarding into practice  Report suspicious activity

9 How does this apply to you? Privacy of Information – FERPA Safety of Information

10 Which Units are Most Affected by GLB? Registrar Financial Aid Office Bursar Development Office IT Academic Departments

11 Privacy of Information FERPA – Family Educational Rights & Privacy Act If you are FERPA-compliant, you are meeting GLB criteria to protect information privacy FERPA protects privacy of all student educational records and financial information

12 FERPA Policies Written policy – University Bulletin Staff training; i.e., memos from Registrar’s Office to faculty & staff regarding FERPA policy Information is shared on a “need to know” basis, i.e.,: Audits Law enforcement officials (must have proper documentation and credentials) Contracted services (loan, collection agencies) Development Office

13 GLB extends FERPA If your institution makes loans to parents and other individuals, you must also protect their privacy These loans can include: PLUS Alternative Parent Loans

14 Safeguard Rule Institutions must develop a written information security plan to protect customer information Institutions must send privacy notices explaining the information-sharing practices to each customer

15 Safeguards Rule Expanded Must include plans to safeguard information against: Natural Disaster Human Error Fraud Data corruption Theft (hardware, software, reports) Unauthorized access

16 Safeguards Rule (cont) Natural Disaster (Hurricanes???) Is your data backed up in a remote location? Do you lock your computer when you leave your work station during fire alarms – or any other time, for that matter!?

17 Safeguards Rule (cont) Deliberate Fraud Must maintain a separation of duties Conflict of interest policies must be observed Human Error Do you have audit trails and reports that can be used to reconstruct data

18 Safeguards Rule (cont) Data Corruption Protect and secure access to data, i.e., limit query vs. update capability on a “need-to-do” basis, limit student worker access as needed Anti-virus software must be maintained and applied Institution must erect firewalls and develop protection against hackers

19 Safeguards Rule (cont) Must secure against theft of hardware, software and reports Secure during non-business hours: offices locked, keys secured Approved shredder: eliminates guess work in how to feed in documents

20 More Safeguards Must protect against unauthorized access Frequent password changes should be systematically required Reports sent on a “need-to-know” basis Computer privacy shields Student ID card readers – prevents inappropriate overhearing of SIDs or SSNs

21 More Safeguards Communicating to students via e-mail: Use student’s institutional e-mail address Respond to non-institutional e-mail that an answer has been sent to the student’s institutional e-mail address Respond to parent inquiries through student’s institutional e- mail and ask student to forward to parent Mass e-mail communication to students should take student’s to a secure web site that protects their individual information

22 Whose Responsible Anyway? Identify and involve all offices involved with loans or collection of data FAO Bursar IT/Computer Systems Development Academic departments (scholarship applications)

23 Who’s the Compliance Officer? Someone must be designated the institutional Compliance Officer This function is usually assumed by the Business and Finance Division FAO responsibility rests in informing potential units of GLB responsibility

24 FAO GLB Policies Shred all student-specific documents Policy for identifying students and parents before sharing data Refer non-student/parent requests (3 rd party) to appropriate staff Report computer problems immediately

25 Additional FAO Policies Don’t share passwords. Problem: What do you do when an employee is absent and you need to access information on his/her computer? Lock computers when leaving work area Computer screens shielded from other students No visitor left behind – or unattended!

26 CONTACT INFORMATION Ginny D’Angelo (800) 666-3910 Fax: (314) 514-6228 Ginny.dangelo@commercebank.com Diane Lambart Fleming (989) 774-7429 Fax: (989) 774-3634 flemi1dl@cmich.edu

Download ppt "2005 MASFAA CONFERENCE CHARLESTON, WEST VIRGINIA Ginny D’Angelo Vice President of Student Loans Commerce Bank Diane Lambart Fleming Associate Director."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
FERPA: Family Educational Rights and Privacy Act

FERPA: Family Educational Rights and Privacy Act
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
1 FTC SAFEGUARDS RULE Gramm-Leach-Bliley Act Effective 5/23/2003.

1 FTC SAFEGUARDS RULE Gramm-Leach-Bliley Act Effective 5/23/2003.
Compliance with Federal Trade Commission’s “Red Flag Rule”

Compliance with Federal Trade Commission’s “Red Flag Rule”
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
2006 Spring MASFAP CONFERENCE Ginny D’Angelo Vice President of Student Loans Commerce Bank Leo Hertling Associate Director St. Louis College of Pharmacy.

2006 Spring MASFAP CONFERENCE Ginny D’Angelo Vice President of Student Loans Commerce Bank Leo Hertling Associate Director St. Louis College of Pharmacy.
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
What to Know, What to Do Presentation Powered By: The Federal Trade Commission Consumer Protection Toolkit.

What to Know, What to Do Presentation Powered By: The Federal Trade Commission Consumer Protection Toolkit.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

Similar presentations

Ads by Google