Under the Gramm-Leach-Bliley Act, higher education institutions are required to report any and all data breaches to the Department of Education within 24 hours of discovery.
What is a breach? A breach is any unauthorized disclosure, misuse, alteration, destruction, or other compromise of sensitive information. A breach can be non-electronic: mishandled documents, or verbal or visual disclosure of personal information. It can also be electronic: hacking, malware, ransomware and phishing.
Detect and report: Once an employee of Greenville University detects or learns of a data breach, they need to report this information to Information Technology (Coordinator for Campus Services & Solutions) via email to ITSupport@greenville.edu.
The Coordinator for Campus Services & Solutions will work with the Financial Aid Director and Assistant Director to make a timely data breach report to the Department of Education the same day that the institution becomes aware of the breach (24-hour deadline, no exceptions).
The report should include:
1.) Date of the breach (known or suspected)
2.) Impact of the breach (number of records, number of students, etc.)
3.) Method of the breach (hack, accidental, disclosure, etc.)
4.) Information Security program point of contact (email and phone of GU IT Employee is required)
5.) Remediation status (with detail)
6.) Next Steps (as needed)
The Financial Aid office will then submit the report to the Department of Education via the CPS SAIG email box email@example.com and Security Operation Center 202-245-6550.