Gramm-Leach-Bliley Act Update | New Rules and Regulations
The Gramm-Leach-Bliley Act (Act or GLBA) requires schools that participate in Title IV to comply with the standards for safeguarding student information set forth in 16 CFR Part 314. Student information is defined as any record containing nonpublic personal information, whether in paper, electronic, or other form, that is handled by you or on behalf of you or your affiliates.
Prior to October 30, 2019, the September 2016 Guide for Audits of Proprietary Schools and for Compliance Attestation Engagements of Third-Party Servicers Administering Title IV Programs (For-Profit Guide) did not contain any audit steps for checking compliance. Similarly, until recently, neither did the Compliance Supplement for audits conducted under 2 CFR Part 200 (Uniform Guidance) for Single Audits, which covers nonprofit institutions.
Because it was not required, we have not been auditing a school’s compliance with this regulation. However, an amendment to the For-Profit Guide has recently been issued in Dear CPA Letter 19-01, and guidance was issued in the 2019 Compliance Supplement to the Uniform Guidance for auditing the institution’s compliance with the Act.
This new guidance specifies that the auditor should determine whether the institution designated an individual to coordinate the school’s information security program, performed a risk assessment that addresses the three areas noted in 16 CFR 314.4(b), and documented safeguards for each risk identified.