(GENERAL-23-09) Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements

Postsecondary institutions and third-party servicers must protect student financial aid information provided to them by the Department or otherwise obtained in support of the administration of the Federal student financial aid programs (Title IV programs) authorized under Title IV of the Higher Education Act of 1965, as amended (HEA). Each institution that participates in the Title IV programs has agreed in its Program Participation Agreement (PPA) to comply with the GLBA Safeguards Rule under 16 C.F.R. Part 314. Institutions and servicers also sign the Student Aid Internet Gateway (SAIG) Enrollment Agreement, which states that they will ensure that all Federal Student Aid applicant information is protected from access by, or disclosure to, unauthorized personnel, and that they are aware of and will comply with all of the requirements to protect and secure data obtained from the Department’s systems for the purposes of administering the Title IV programs.