Institutions of higher education manage a high volume and variety of personal information, including education records, financial aid and account information, payment data, health information and government data. As a result of the breadth and nature of business operations at higher education institutions, as well as faculty, staff, students and alumni located in many states and countries, institutions are subject to a variety of legal and regulatory compliance requirements for data protection. It is critical for internal audit and compliance professionals to understand where high-risk data resides at the institution, how to address multiple compliance requirements, and ultimately, how to protect the institution’s data.
This webinar reviewed cybersecurity-related laws, regulations and requirements applicable to higher education institutions and discussed how these regulations may impact institutional data. It highlighted methodologies for determining where high-risk data lies within your institution, along with potential approaches to auditing the security and protection of this data.
Attendees should be able to do the following upon conclusion of the webinar:
- Understand the impact of cybersecurity and information privacy requirements, including:
  - Family Educational Rights and Privacy Act (FERPA)
  - Federal Information Security Management Act (FISMA)
  - Gramm-Leach-Bliley Act (GLBA)
  - Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act
  - Payment Card Industry (PCI) Data Security Standard (DSS)
- Assess where the cybersecurity and information privacy requirements above overlap, and how this impacts your institution
- Apply leading practice strategies for evaluating where high-risk data lies at your institution and how it is protected
For more information on this topic, or to learn how Baker Tilly professional services specialists can help, contact our team.