2006 Spring MASFAP CONFERENCE



2006 Spring MASFAP CONFERENCE. Ginny D’Angelo Vice President of Student Loans Commerce Bank Leo Hertling Associate Director St. Louis College of Pharmacy. GRAMM-LEACH-BLILEY GLB ACT. Financial Modernization Act of 1999. Gramm-Leach-Bliley Act.


Presentation Transcript



2006 Spring MASFAP CONFERENCE

  • Ginny D’Angelo

  • Vice President of Student Loans

  • Commerce Bank

  • Leo Hertling

  • Associate Director

  • St. Louis College of Pharmacy


GRAMM-LEACH-BLILEY GLB ACT

Financial Modernization Act of 1999



Gramm-Leach-Bliley Act

GLB is a federal law that includes provisions requiring financial institutions to take steps to ensure the security and confidentiality of consumers' and customers' personal information.

In 2003, the Federal Trade Commission (FTC) confirmed that higher education institutions are considered financial institutions under this law.



Gramm-Leach-Bliley Act

  • Colleges and universities must be in compliance with provisions of the GLB Act that relate to the Safeguards Rule.

  • Colleges and universities that already comply with FERPA will be deemed to be in compliance with FTC privacy rules under the GLB Act.



Gramm-Leach-Bliley Act

The law requires that institutions must protect information collected about individuals:

  • Names

  • Addresses and phone numbers

  • Bank and credit card accounts

  • Social Security numbers

  • Income and credit histories



Gramm-Leach-Bliley Act

According to the Safeguards Rule, financial institutions must develop a written information security plan that describes their program to protect customer information. Privacy notices explaining an institution’s information-sharing practices must also be provided to each customer.



Gramm-Leach-Bliley Act

Experts suggest that three areas of operation present special challenges and risks to information security:

  • Employee training and management

  • Information systems (network and software), storage, transmissions and retrievals

  • Security management, including prevention, detection and response to attacks, intrusions or other system failures



Gramm-Leach-Bliley Act

Quick Tips for Safeguarding information:

  • Identify what is considered sensitive information

  • Protect all sensitive information from unauthorized access or use

  • Put safeguarding into practice

  • Report suspicious activity



How does this apply to you?

  • Privacy of Information – FERPA

  • Safety of Information



Which Units are Most Affected by GLB?

  • Registrar

  • Financial Aid Office

  • Bursar

  • Development Office

  • IT

  • Academic Departments



Privacy of Information

  • FERPA – Family Educational Rights & Privacy Act (1974)

  • If you are FERPA-compliant, you are meeting GLB criteria to protect information privacy

  • FERPA protects privacy of all student educational records and financial information



FERPA Policies

  • Written policy – College Catalogue

  • Staff training; i.e., memos from Registrar’s Office to faculty & staff regarding FERPA policy

  • Information is shared on a “need to know” basis, i.e.:

    Audits

    Law enforcement officials (must have proper documentation and credentials)

    Contracted services (loan, collection agencies)

    Development Office



Rights Guaranteed under FERPA

  • Right to inspect and review educational records

  • Right to seek amendment of educational records

  • Right to have control over the disclosure of educational records

  • Right to file a complaint with ED for alleged failures of an institution’s compliance


What Can Be Shared?

  • MAY SHARE

    • Name

    • Address

    • Telephone #

    • Major

    • DOB and location

    • Photo

    • Dates of attendance

    • School activities

    • Enrollment status

    • Most recent previous school attended

  • MAY NOT SHARE

    • Social Security #

    • Student ID #

    • Race

    • Ethnicity

    • Nationality

    • Gender



Dealing with Parents

  • Major differences between FAO policies and those of the Registrar

  • For the Registrar

    • Parents may have access to student records if:

      • They have obtained a SIGNED AND WRITTEN CONSENT of the student

      • If the student is under the age of 24 and was claimed by the parent in the prior tax year, the parent may access the student’s records after the student has been advised of the institution’s intention to release information to the parent. You must give the student adequate time to respond.

      • You must return the tax return to the parent. You do not have the right to keep it. Simply document that you checked it and that the student was claimed.

      • If the student objects, the parent must obtain a signed written consent before records may be released.

      • School must maintain records of the request and ANY disclosures



The FAO and Parents

  • Parents of dependent students are afforded the right to access a student’s financial records.

  • This applies to dependent students in terms of IRS dependency, NOT TIV aid terms.

  • FAOs may have the student sign an annual waiver granting the parents access on an annual basis.



Dealing with Spouses

  • FERPA does not recognize spouses; therefore, they must be treated as unrelated 3rd parties.

  • As such, spouses have NO rights to a student’s educational or financial aid records.

  • Period. End of discussion.



GLB extends FERPA

  • If your institution makes loans to parents and other individuals, you must also protect their privacy

  • These loans can include:

    PLUS

    Alternative Parent Loans


Safeguards Rule

  • Institutions must develop a written information security plan to protect customer information

  • Institutions must send privacy notices explaining the information-sharing practices to each customer



Safeguards Rule Expanded

  • Must include plans to safeguard information against:

    • Natural Disaster

    • Human Error

    • Fraud

    • Data corruption

    • Theft (hardware, software, reports)

    • Unauthorized access



Safeguards Rule (cont)

  • Natural Disaster (Earthquake, hurricane, flood, tornado, etc.)

    • Is your data backed up in a remote location?

    • Do you lock your computer when you leave your work station during fire alarms – or any other time, for that matter!?



Safeguards Rule (cont)

  • Deliberate Fraud

    • Must maintain a separation of duties

    • Conflict of interest policies must be observed

  • Human Error

    • Do you have audit trails and reports that can be used to reconstruct data?



Safeguards Rule (cont)

  • Data Corruption

    • Protect and secure access to data, i.e., limit query vs. update capability on a “need-to-do” basis, limit student worker access as needed

    • Anti-virus software must be maintained and applied

    • Institution must erect firewalls and develop protection against hackers



Safeguards Rule (cont)

  • Must secure against theft of hardware, software and reports

    • Secure during non-business hours: offices locked, keys secured

    • Approved shredder: eliminates guess work in how to feed in documents



More Safeguards

  • Must protect against unauthorized access

    • Frequent password changes should be systematically required

    • Reports sent on a “need-to-know” basis

    • Computer privacy shields

    • Student ID card readers – prevents inappropriate overhearing of SIDs or SSNs



More Safeguards

  • Communicating to students via e-mail:

    • Use student’s institutional e-mail address

    • Respond to non-institutional e-mail that an answer has been sent to the student’s institutional e-mail address

    • Respond to parent inquiries through student’s institutional e-mail and ask student to forward to parent

  • Mass e-mail communication to students should take students to a secure web site that protects their individual information


Who’s Responsible Anyway?

  • Identify and involve all offices involved with loans or collection of data

    • FAO

    • Business Office

    • IT/Computer Systems

    • Development

    • Academic departments (scholarship applications)



Who’s the Compliance Officer?

  • Someone must be designated the institutional Compliance Officer

  • This function is usually assumed by the Business and Finance Division

    • At STLCOP our registrar is our CO

  • FAO responsibility rests in informing potential units of GLB responsibility



FAO GLB Policies

  • Shred all student-specific documents

  • Policy for identifying students and parents before sharing data

  • Refer non-student/parent requests (3rd party) to appropriate staff

  • Report computer problems immediately



Additional FAO Policies

  • Don’t share passwords. Problem: What do you do when an employee is absent and you need to access information on his/her computer?

  • Lock computers when leaving work area

  • Computer screens shielded from other students

  • No visitor left behind – or unattended!



Resources

  • US Department of Education

    • http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html

  • FSA Handbooks 05-06

    • Recordkeeping and Disclosure Chapter 2 156-164

  • The Blue Book

    • Chapter 7 Record Keeping and Disclosure pp 1-93 – 1-104

  • Ramirez, Clifford (2002) Managing the Privacy of Student Records, LRP Publications, Horsham PA



CONTACT INFORMATION

Ginny D’Angelo

(800) 666-3910

Fax: (314) 514-6228

[email protected]

Leo Hertling

314/446-8321

fax# 314/446-8310

[email protected]

