LETU maintains a security awareness program for Title IV data led by the Senior Director of Student Financial services that includes:
- Annual documented training of all personnel handling Title IV data
- Annual review of this program
- Implementation of the Data Loss Prevention (DLP) systems
Training for personnel shall include at a minimum:
- Understanding of Student Aid Internet Gateway (SAIG) agreement response to a suspected or known breach (How do I report a Breach)
- How to ensure that all users are aware of and comply with all of the requirements to protect and secure data from Departmental sources using SAIG
- The Student Aid Internet Gateway (SAIG) Agreement requires that as a condition of continued participation in the federal student aid programs Title IV schools report suspected/actual data breaches
- Title IV schools must report on the day of detection when a data breach is even suspected
- The Department has the authority to fine institutions that do not comply with the requirement to self-report data breaches; up to $54,789 per violation per 34 C.F.R. § 36.2
- The Department has reminded all institutions of this requirement through Dear Colleague Letters (GEN 15-18, GEN 16-12), electronic announcements, and the annual FSA Handbook.
- Understanding of PII and the LETU Data Classification Policy
- Acceptable Use of Technology Systems at LETU
- Documentation of agreement to all of the above