Top Left of Page Image   Top Right of Page Image
 
Maricopa Community Colleges >> Business Services Division
Banner Image
students community employees news

News

2006/2007 Comprehensive Annual Financial Report
Monday, February 25, 2008...The 2006/2007 Comprehensive Annual Financial Report (CAFR) is available for download. You can download it at http://www.maricopa.edu/business/ reporting/cafr0607.pdf

 

Gramm Leach Bliley Act
& College Records

The Gramm Leach Bliley Act (GLBA) was enacted in 2000. The purpose of the regulation was to repeal the prohibition on banks to engage in certain financial transactions, such as securities brokerage.  Included in this law were new privacy requirements for customer information collected by financial institutions. 

In 2003, the Federal Trade Commission (“FTC”) ruled that Colleges and Universities could be considered financial institutions under GLBA because of their involvement in making student loans and other interest transactions.  If a higher education institution is in compliance with FERPA, the only section of GLBA applicable to the institution is the safeguarding provision.

Guidelines

Section 314.3 – Standards for Safeguarding Customer Information: 

  1. You shall develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.


  2. The objectives of the Act are to:
  • Insure security and confidentiality of customer information
  • Protect against any anticipated threats or hazards to the security or integrity of such information
  • Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

Section 314.4 – Elements:

Framework for developing, implementing, and maintaining the required safeguards.

  • Requires MCCCD to designate and employee or employees to coordinate its information security program in order to ensure accountability and achieve adequate safeguards.

    MCCCD meets this requirement through the department of District Network and Security Support Services.

    Access to the computing and information resources maintained at the District Support Services Center is provided for employees to support the district’s mission of education, research, and public service. Access to computing resources is a privilege and may be limited or restricted based upon need.

    It is the responsibility of Security Services to safeguard the confidential information of Maricopa Community Colleges, its employees, and students. The sensitivity of this information obligates users to respect the rights of others with regard to privacy and confidentiality. Everyone having access to MCCCD computing resources is bound by federal, state, and local laws relating to copyrights, security, and any other statutes regarding the use of electronic media.

The District Network and Security website can be viewed at:

MCCCD District Network and Security Support Services Web Page

  • Requires MCCCD to identify reasonably foreseeable internal and external risks to customer information.

The following elements are to be considered.

  • Employee Training and Management.

MCCCD meets this requirement through the Custodian of Record Accountability Document of Interest from the Office of the CIO which states:

Designated custodian of records should ensure that employees have access to district and/or college information systems and records as needed to perform their jobs or to achieve the lawful stated aims of a division executive. Custodian of Records should be familiar with the institutional ramifications of data access, security, quality and analysis, and should be cognizant of the state and federal regulatory mandates applicable to the category of data for which they are responsible.

The complete Custodian of Record Accountability Document of Interest can be viewed at:

Custodian of Record Accountability

  • Information systems, including network and software design, as well as transmission and disposal.

MCCCD meets this requirement through the Management and Protection of Data Document of Interest from the Office of the CIO which:

Explains and defines the standards, behaviors, and recommendations for management and protection of Confidential Data aimed at minimizing the potential risks of data compromise which may exist as a consequence of sharing Confidential Data between and among Maricopa entities, or as a result of routine client/server interaction.

The complete Management and Protection of Data Document of Interest can be viewed at:

Management and Protection of Data

  • Detecting, preventing and responding to attacks, intrusions, or other system failures

MCCCD meets this requirement through the MCCCD Data Access and Appropriate Use Best Practices Document of Interest from the Office of the CIO.

Maricopa County Community College District (MCCCD) recognizes its affirmative and continuing need to protect confidential employee and student data and to maintain the confidentiality of that data.
The MCCCD Data Access and Appropriate Use Best Practice establishes appropriate and reasonable administrative, technical and physical safeguards designed to:

• ensure the security and protection of confidential information in its custody, whether in electronic, paper, or other forms;
• protect against any anticipated threats or hazards to the security or integrity of such
confidential information; and
• protect against unauthorized access to or use of such confidential information.
• define standards for obtaining access to data
• define limitations of access and appropriate use of data

The complete MCCCD Data Access and Appropriate Use Best Practices Document of Interest can be viewed at:

Data Access and Appropriate Use

  • Overseeing service providers.

MCCCD meets this requirement through the Reasonable Protection Document of Interest from the Office of the CIO.  This Document of Interest states:

Due Diligence of Service Providers -The adequacy of the service provider's system of safeguarding information should be determined prior to Maricopa or any of its subdivisions entering into a contractual relationship with the service provider. Maricopa or any of its subdivisions should not contractually engage a service provider who cannot demonstrate that they have a system to safeguard the confidential information that they manage, receive or transfer on behalf of Maricopa. Depending on the service provider, Maricopa may wish to review the service provider's audits, summaries of its test results for security, or other internal and external evaluations. Maricopa or any of its subdivisions should not enter into contractual agreement with any provider who is not capable of maintaining appropriate safeguards for confidential information.

Service Provider Agreements - All contracts with service providers should include a privacy clause which requires the service provider to implement appropriate measures to safeguard confidential information and to refrain from sharing any such information with any other party.

Contracts should, when appropriate, include the requirement that in addition to the Maricopa insurance requirements for service agreements, the service provider indemnify Maricopa from financial loss or expense resulting from any requirement to notify victims of security breaches and or any related cost for credit monitoring, or general communication related to the breach of such data.

The complete Reasonable Protection Document of Interest can be viewed at:

Reasonable Protection

Questions or comments?
Contact Carl Ward @ 480.731.8869
Blue Bar Image
28-jul-08 disclaimerfeedback
Maricopa Community Colleges
Google Image
WWW MCCCD Dist. Office
2411 West 14th Street · Tempe, AZ · 85281
 
Bottom Left of Page Image   Bottom Right of Page Image