The GLBA / FTC Safeguards Compliance Date is Here (June 9, 2023)
If you are thinking this June 9th is just another spring Friday, perhaps you should stick around and find out what all the excitement is about. Or you may be saying, “I know exactly what June 9th means, GLBA updates have been on my backlog for months.”
While compliance with the new safeguards for most higher education institutions is required, you more than likely still have time to make meaningful progress towards compliance. If you are just beginning, understanding your gaps and then developing a reasonable roadmap is a foundational first step. No matter where you are in the process, it is time to act.
The Federal Trade Commission (FTC) made updates to the FTC Safeguards Rule in 2021 (16 CFR Part 314), which provides guidance for financial institutions on safeguards for customer financial information. This does include higher education institutions as well. According to the Department of Education Federal Student Aid Office (FSA):
“Institutions or servicers provide a financial service when they, among other things, administer or aid in the administration of the Title IV programs; make institutional loans, including income share agreements; or certify or service a private education loan on behalf of a student. “ (FSA 2023)
The original due date was December 9, 2022, but the FTC extended the compliance date to June 9, 2023. Despite the extension, non-compliance could eventually put Title IV aid to students in jeopardy at your institution.
What You Need to Know
Some key requirements in the FTC Safeguards Rule that you need to be aware of include:
- Identify a qualified individual for program oversight.
- Conduct regular risk assessments and adapt the program according to results.
- Implement appropriate controls such as encryption, MFA, and access controls.
- Monitor controls and have a plan to respond to security incidents.
- Report on the effectiveness of the compliance program to the board of trustees or regents.
What You Need To Do
- Assess the current state of your GLBA compliance program and identify gaps due to Safeguards updates (or changes in your environment).
- Put together a roadmap and actionable plan to address your gaps.
- Prioritize your roadmap based upon the highest risks to student/family financial information.
- Communicate your plan to institutional leadership and get the necessary buy-in and support.
MTC works with higher education institutions to build mature compliance and security programs and we have been assisting our clients to identify gaps in their GLBA programs, develop tailored and actionable roadmaps, and achieve compliance. If you need assistance, Contact Us.
Adam Vedra is Chief Information Security Officer & Senior Cyber Security Consultant with MTC. Adam has worked in higher education IT & Security for over 20 years, delivering tailored security and compliance programs.
 Federal Student Aid – General 23-09