Educause Security Discussion mailing list archives
Re: GLBA: How are you handling it?
From: AIS <ais () REINHARDT EDU>
Date: Thu, 6 Jun 2019 16:43:17 +0000
Anyone attending this GDPR webinar today? https://www.campusconsortium.org/campus-consortium-edtalk-on-gdpr-compliance-risks-exposure-and-mitigation-in-higher-ed-smo/ Ajit Singh CIO Reinhardt University From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Penn, Blake C Sent: Thursday, June 6, 2019 11:30 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] GLBA: How are you handling it? Forgot to mention, here's a nice cheat sheet for those who don't like to read federal regulations in their entirety (although I'm certainly not one of those people!): https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Penn, Blake C Sent: Thursday, 6 June, 2019 11:17 To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] GLBA: How are you handling it? Ask them to show you where: https://www.sec.gov/about/laws/glba.pdf Best regards, Blake Penn Information Security Policy and Compliance Manager Cyber Security Georgia Institute of Technology (404) 385-5480 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Joey Rego Sent: Thursday, 6 June, 2019 10:44 To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] GLBA: How are you handling it? Hi Everyone, We are looking for some feedback on GLBA? We recently were told by a vendor that under the GLBA Compliance for Title IV SFA Program that the following scenario would be considered a breach and the university would be responsible for notifying the DOE within 24 hours. * Does this seem correct? * If so how are you handling this specific scenario? * How are you handling sensitive information in the body of emails or files being shared from parents or students? Consider this - has a parent every sent your institution an unencrypted copy of their tax return in an email? Did you know that qualifies as a reportable breach under the regulations? Unreported breaches may also be subject to significant fines. Any insights on your approaches would be appreciated. Thank you [http://lynnda/DesktopAuthorityConsole/Images/Upload/9fcddab6-8cf5-43af-97db-6d11a7f75a10/Lynn.jpg] Joey Rego Associate Director of Information Security Information Technology Lynn University 3601 North Military Trail Boca Raton, FL 33431 T: +1 561-237-7982 jrego () lynn edu<mailto:jrego () lynn edu> +1 561-237-7000 | lynn.edu<http://www.lynn.edu/> | give.lynn.edu<http://give.lynn.edu/> Beware of Phishing and Spam https://www.lynn.edu/news/2019/beware-of-phishing-and-spam Protect your data and your presence online. Learn more. http://staysafeonline.org/data-privacy-day/privacy-tips/<https://urldefense.proofpoint.com/v2/url?u=http-3A__staysafeonline.org_data-2Dprivacy-2Dday_privacy-2Dtips_&d=DwMFAg&c=tSGu_Pc6mPnB6zIYTZr3Sw&r=zzPEtvSCalM4JZ1u3Q8b-q2EUyQDXQ5pr60nTVXP31w&m=GV34BaXJReARow9IMermz-oMV9q1ftmpnCUczUvdgcQ&s=9q30UYB8IQfyvTSJT1LU1Q-h0Z59jU03mkQnso8j0kw&e=> Remember !! Lynn University IT Support Personnel will never ask for your password as part of any support interaction. This email is intended for the designated recipient only, and may be confidential, non-public, proprietary, protected by the attorney/client or other privilege. Unauthorized reading, distribution, copying or other use of this communication is prohibited and may be unlawful. Receipt by anyone other than the intended recipients should not be deemed a waiver of any privilege or protection. If you are not the intended recipient or if you believe that you have received this email in error, please notify the sender immediately and delete all copies from your computer system without reading, saving, or using it in any manner. Although it has been checked for viruses and other malicious software, malware, we do not warrant, represent or guarantee in any way that this communication is free of malware or potentially damaging defects. All liability for any actual or alleged loss, damage, or injury arising out of or resulting in any way from the receipt, opening or use of this email is expressly disclaimed.
Current thread:
- GLBA: How are you handling it? Joey Rego (Jun 06)
- Re: GLBA: How are you handling it? Penn, Blake C (Jun 06)
- Re: GLBA: How are you handling it? Penn, Blake C (Jun 06)
- Re: GLBA: How are you handling it? AIS (Jun 06)
- Re: GLBA: How are you handling it? Penn, Blake C (Jun 06)
- Re: GLBA: How are you handling it? Jarret Cummings (Jun 06)
- Re: GLBA: How are you handling it? Mark Purcell (Jun 06)
- Re: GLBA: How are you handling it? Jarret Cummings (Jun 06)
- Re: GLBA: How are you handling it? Jarret Cummings (Jun 07)
- Re: GLBA: How are you handling it? Mark Purcell (Jun 06)
- Re: GLBA: How are you handling it? Penn, Blake C (Jun 06)