Educause Security Discussion mailing list archives

Re: GLBA: How are you handling it?


From: "Penn, Blake C" <blake.penn () SECURITY GATECH EDU>
Date: Thu, 6 Jun 2019 15:30:23 +0000

Forgot to mention, here's a nice cheat sheet for those who don't like to read federal regulations in their entirety 
(although I'm certainly not one of those people!):

https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Penn, Blake C
Sent: Thursday, 6 June, 2019 11:17
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] GLBA: How are you handling it?

Ask them to show you where:
https://www.sec.gov/about/laws/glba.pdf


Best regards,

Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Joey Rego
Sent: Thursday, 6 June, 2019 10:44
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] GLBA: How are you handling it?

Hi Everyone,

We are looking for some feedback on GLBA. We recently were told by a vendor that, under the GLBA Compliance for Title 
IV SFA Program, the following scenario would be considered a breach and the university would be responsible for 
notifying the DOE within 24 hours.

* Does this seem correct?

* If so, how are you handling this specific scenario?

* How are you handling sensitive information in the body of emails or files being shared from parents or 
students?

Consider this - has a parent ever sent your institution an unencrypted copy of their tax return in an email? Did you 
know that qualifies as a reportable breach under the regulations? Unreported breaches may also be subject to 
significant fines.

Any insights on your approaches would be appreciated.

Thank you

Joey Rego
Associate Director of Information Security
Information Technology
Lynn University
3601 North Military Trail
Boca Raton, FL 33431
T: +1 561-237-7982
jrego () lynn edu
+1 561-237-7000 | lynn.edu | give.lynn.edu

Beware of Phishing and Spam
https://www.lynn.edu/news/2019/beware-of-phishing-and-spam

Protect your data and your presence online. Learn more.
http://staysafeonline.org/data-privacy-day/privacy-tips/
Remember !!
Lynn University IT Support Personnel will never ask for your password as part of any support interaction.



