2005 MASFAA CONFERENCE CHARLESTON, WEST VIRGINIA
Ginny D’Angelo
Vice President of Student Loans
Commerce Bank
Diane Lambart Fleming
Associate Director – Client Services
Central Michigan University
GRAMM-LEACH-BLILEY
GLB ACT
Financial Modernization Act of 1999
Gramm-Leach-Bliley Act
GLB is a federal law that includes provisions requiring financial institutions to take steps to ensure the security and confidentiality of consumers' and customers' personal information.
In 2003, the Federal Trade Commission (FTC) confirmed that higher education institutions are considered financial institutions under this law.
Gramm-Leach-Bliley Act
Colleges and universities must be in compliance with provisions of the GLB Act that relate to the Safeguards Rule.
Colleges and universities that already comply with FERPA will be deemed to be in compliance with FTC privacy rules under the GLB Act.
Gramm-Leach-Bliley Act
The law requires that institutions must protect information collected about individuals:
Names
Addresses and phone numbers
Bank and credit card accounts
Social Security numbers
Income and credit histories
Gramm-Leach-Bliley Act
According to the Safeguards Rule, financial institutions must develop a written information security plan that describes their program to protect customer information. Privacy notices explaining an institution’s information-sharing practices must also be provided to each customer.
Gramm-Leach-Bliley Act
Experts suggest that three areas of operation present special challenges and risks to information security:
Employee training and management
Information systems (network and software), storage, transmissions and retrievals
Security management, including prevention, detection and response to attacks, intrusions or other system failures
Gramm-Leach-Bliley Act
Quick Tips for Safeguarding Information:
Identify what is considered sensitive information
Protect all sensitive information from unauthorized access or use
Put safeguarding into practice
Report suspicious activity
How does this apply to you?
Privacy of Information – FERPA
Safety of Information
Which Units are Most Affected by GLB?
Registrar
Financial Aid Office
Bursar
Development Office
IT
Academic Departments
Privacy of Information
FERPA – Family Educational Rights & Privacy Act
If you are FERPA-compliant, you are meeting GLB criteria to protect information privacy
FERPA protects privacy of all student educational records and financial information
FERPA Policies
Written policy – University Bulletin
Staff training; i.e., memos from Registrar’s Office to faculty & staff regarding FERPA policy
Information is shared on a “need to know” basis, i.e.:
  Audits
  Law enforcement officials (must have proper documentation and credentials)
  Contracted services (loan, collection agencies)
  Development Office
GLB extends FERPA
If your institution makes loans to parents and other individuals, you must also protect their privacy
These loans can include:
PLUS
Alternative Parent Loans
Safeguards Rule
Institutions must develop a written information security plan to protect customer information
Institutions must send privacy notices explaining the information-sharing practices to each customer
Safeguards Rule Expanded
Must include plans to safeguard information against:
Natural Disaster
Human Error
Fraud
Data corruption
Theft (hardware, software, reports)
Unauthorized access
Safeguards Rule (cont)
Natural Disaster (Hurricanes???)
  Is your data backed up in a remote location?
  Do you lock your computer when you leave your work station during fire alarms – or any other time, for that matter!?
Safeguards Rule (cont)
Deliberate Fraud
  Must maintain a separation of duties
  Conflict of interest policies must be observed
Human Error
  Do you have audit trails and reports that can be used to reconstruct data?
Safeguards Rule (cont)
Data Corruption
  Protect and secure access to data, i.e., limit query vs. update capability on a “need-to-do” basis, limit student worker access as needed
  Anti-virus software must be maintained and applied
  Institution must erect firewalls and develop protection against hackers
Safeguards Rule (cont)
Must secure against theft of hardware, software and reports
  Secure during non-business hours: offices locked, keys secured
  Approved shredder: eliminates guesswork in how to feed in documents
More Safeguards
Must protect against unauthorized access
  Frequent password changes should be systematically required
  Reports sent on a “need-to-know” basis
  Computer privacy shields
  Student ID card readers – prevents inappropriate overhearing of SIDs or SSNs
More Safeguards
Communicating to students via e-mail:
  Use student’s institutional e-mail address
  Reply to non-institutional e-mail stating that an answer has been sent to the student’s institutional e-mail address
  Respond to parent inquiries through student’s institutional e-mail and ask student to forward to parent
Mass e-mail communication to students should take students to a secure web site that protects their individual information
Who’s Responsible Anyway?
Identify and involve all offices involved with loans or collection of data
  FAO
  Bursar
  IT/Computer Systems
  Development
  Academic departments (scholarship applications)
Who’s the Compliance Officer?
Someone must be designated the institutional Compliance Officer
This function is usually assumed by the Business and Finance Division
FAO responsibility rests in informing potential units of GLB responsibility
FAO GLB Policies
Shred all student-specific documents
Policy for identifying students and parents before sharing data
Refer non-student/parent requests (3rd party) to appropriate staff
Report computer problems immediately
Additional FAO Policies
Don’t share passwords. Problem: What do you do when an employee is absent and you need to access information on his/her computer?
Lock computers when leaving work area
Computer screens shielded from other students
No visitor left behind – or unattended!
CONTACT INFORMATION
Ginny D’Angelo
(800) 666-3910
Fax: (314) [email protected]
Diane Lambart Fleming
(989) 774-7429
Fax: (989) [email protected]