GRAMM LEACH BLILEY ACT TO DO LIST
Contributed by Meg Galletly, Attorney Fellow at George Washington University
- Scope of covered material (for policy/program purposes) – GLB v. FERPA
- Which departments have this material?
  - Staff/Administrative – Departments
    - Registrar
    - Financial Aid
    - Alumni Development Office (Reg. Y)
    - Human Resources/Benefits (Reg. Y)
    - Credit Card Affiliations (?)
    - ISS
  - Faculty/Students – Departments
    - Professional Schools
    - Graduate Schools
    - Undergraduate Schools
    - Certificate Programs
    - Professional Development Program
- What are their current policies and procedures?
  - Who has access?
  - What and/or how much do they have access to?
  - How do they protect it?
    - In the filing cabinet?
    - While in use?
- Identify Service Providers
  - Who has access to GLB and/or FERPA covered information?
  - Check contracts to see what language they contain.
  - Develop and send form “amendments” stating that they are GLB compliant, etc.
- Identify “reasonably foreseeable internal and external risks”
- Implement safeguards
  - Hard copies (current/in use)
    - Limiting access
    - Colored folders? Marked papers?
    - Locked filing cabinets – always locked? Locked at night?
  - Hard copies (storage)
    - Stored by us
    - Stored by service provider (contractual)
  - Electronic copies
    - Stored on local v. server
  - Transmitting documents
    - Email – content
- Frequency of “Periodic” Evaluations/Risk Assessments:
  - Computer/Technology Risk Assessment – Quarterly (includes monitoring and testing)
  - Data access procedures – Annual
  - Training program – Annual
  - Overall Security Program/Policy – Annual
- Designate Information Security Plan Coordinator
- Develop training program – Human Resources?
  - Annually
  - Who gets trained? Departmental heads? EVERYONE???
- Develop incident response
  - Hard copy
  - Electronic copy
- Employee background checks
  - Limited by department
  - Limited by position and/or access to financial or personal data
Links updated 6/30/08 rab
Last Revised 30-Jun-08 04:46 PM.