compliance

The memo below from the Federal Student Aid (FSA) Enterprise Cybersecurity Group to a university president reflects an increasing trend in findings of non-compliance with the Gramm-Leach-Bliley Act (GLBA) from annual audits. Previously uncommon, such notices are now being received consistently across multiple institutions. This memo highlights deficiencies in GLBA compliance that jeopardize the security of FSA systems and the students they serve. It requests immediate acknowledgment from the university and demands a corrective action plan within 30 days to address these issues, emphasizing the growing urgency and focus on stringent data security practices in safeguarding student information.

Keith Robertson, CISO at DeepSeas who has years of experience working with higher education, said “This is a good reminder for universities that may not be compliant with GLBA. It’s crucial for educational institutions to reassess and strengthen their data protection strategies to safeguard student financial information.”

If your university hasn’t started to address GLBA requirements or needs guidance along the way, we invite you to schedule time with one of our in-house CISOs at DeepSeas.

Get a DeepSeas vCISO or Deputy CISO