Published by Tyrone Becket. Modified over 9 years ago.
1
Gramm-Leach-Bliley Act for Financial Aid
Val Meyers
Associate Director
Michigan State University
2
GLB Act – who is affected
- Federal Trade Commission Regulation
- Applies to all institutions that act in a banking capacity
- Applies to universities that make loans and/or do loan collections
- This includes Perkins Loans, institutional loans, and “school-as-lender” FFELP
3
GLB Act – what it means
- Requires institutions meet standards related to safeguarding customer financial information
- Deadline for compliance was 5/23/03
- Two major areas
  - Privacy of information
  - Safety of information
4
Privacy of Information
- Universities who abide by FERPA are meeting the criteria to protect information privacy
- FERPA – Family Educational Rights & Privacy Act
- Protects the privacy of all student educational records, including financial information
5
FERPA Requirements
- You should have a written policy in place
- Staff should have periodic training
- Exceptions are:
  - “Need to know” within the institution
  - Audits
  - Law enforcement with proper legal documents
  - Financial servicers or partners (i.e., loan servicers, collection agencies)
6
FERPA Extended
- To comply with GLB, financial information for non-students must also have privacy protection
- Apply FERPA policies to parents and anyone else for whom you make loans
7
Safety of Information
- Natural Disaster
- Human Error
- Deliberate Fraud
- Corruption of Data
- Theft of Hardware, Software, Reports
- Unauthorized Access
8
Safety of Information
- Natural Disaster
  - Backups in remote locations
- Human Error
  - Audit trails, reports
- Deliberate Fraud
  - Separation of Duties
9
Safety of Information
- Corruption of Data
  - Secured Access
  - Anti-virus software
  - Firewalls & hacker protection
10
Safety of Information
- Theft of Hardware, Software, Reports
  - Secure during non-business hours
  - Work areas require escort
  - Documents control
  - Shred discards
  - Keep unauthorized visitors away from documents
11
Safety of Information
- Unauthorized Access
  - Password access
  - Anti-hacker software
  - Policies on who may receive reports and files from your office
  - Privacy shields on computers
12
Task Force Concerns
- Involve all offices who handle student loan or collections data
  - Financial Aid
  - Bursar/Controller
  - Information Technology/Computer Systems
- Recommended addition
  - University Counsel
13
Designate a Compliance Office or Officer
- Each institution must designate a compliance office or officer who is responsible for holding and monitoring compliance documents
14
Risk Assessment Documentation
- List each privacy and safety concern
- Address how your institution minimizes each risk
- Documents should be on file from each office that “touches” the data
- Third party servicer contracts should contain protective language as well
15
Contract Language
- University Counsel should recommend contract language to be inserted in all university contracts with 3rd party vendors who have access to your student/parent financial loan data
- The deadline to add such language to your contracts was May 2004
16
Recommended Office Policies
- Place all student-specific documents in shredding bins
- Verify identity of students & parents before sharing data
- Refer 3rd party requests to your designated staff
  - May be Compliance Officer, AD or Director
- Report computer problems promptly
17
Other Office Policies
- Staff must not share passwords
- Lock or power down computers when leaving work area
- Shield computer screens and data from other students
- Do not leave visitors unattended
18
Questions & Answers
Val Meyers
Michigan State University
meyersv@msu.edu