SCENARIO: Title IV schools are financial institutions per Gramm-Leach-Bliley Act (GLBA, 2002). Per FSA PPA & SAIG agreements, these schools must have GLBA safeguards in place. Otherwise they may be found administratively incapable (unable to properly administer Title IV fund).
A private research university needed to create its GLBA program. This is to ensure compliance to protect confidentiality and security of “nonpublic personal information”(NPI).
Tile IV School: An institution that processes U.S federal student aid
NPI: any “personally identifiable financial information” that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise “publicly available”
WCG's STRATEGY: Wilson Consulting Group (WCG) was contracted to develop a GLBA compliance program that would assist the university in implementing correct policies, processes, standards, techniques and technologies to securely collect, handle and transmit NPI.
- Compliance Program plan
- Data maps of all processes that transmit, process, and store PII
- Policies, processes, and standards
- Awareness, training, and education plan
- Service providers agreement and process evaluation
WCG RESULTS: A comprehensive GLBA program was created by WCG and validated by the university management. The new program ensured compliance with GLBA and, thereby, improved its security posture.
Get Started Now