Protection of Student Financial Aid Records and Information Under the GLBA
Because Platt College receives federal funds for students to attend, the College must comply with the provisions of the Gramm-Leach-Bliley Act (GLBA). Under the GLBA, financial services organizations, which include postsecondary educational institutions, are required to ensure the security and confidentiality of student financial aid records and information.
The GLBA places an affirmative obligation on financial institutions to implement reasonable security measures sufficient to safeguard sensitive consumer information. In order to comply with legal and regulatory requirements, schools must:
- Perform an initial assessment identifying what sensitive information the school possesses, how it is stored, how it is accessed, who has access, who needs access to the information for valid business purposes, and how and to whom the data is transmitted;
- Develop written policies and procedures to protect sensitive information, including policies for managing access to the data, physical and technical security measures, and employee training on the policies at all levels of the organization;
- Implement physical and technical security measures to protect sensitive information;
- Test and monitor security measures to confirm efficacy;
- Adjust security measures as needed, based on the results of testing and/or changes to business practices;
- Designate an employee or employees to manage its cybersecurity program; and
- Oversee service providers who have access to sensitive information.
Platt College has three objectives regarding the GLBA:
- to determine whether the College has designated an individual to coordinate the information security program;
- to perform a risk assessment that addresses three areas: (a) employee training and management; (b) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (c) detecting, preventing and responding to attacks, intrusions, or other systems failures; and
- to document safeguards for identified risks.