Every higher education institution that offers Title IV funding must enter into the Student Aid Internet Gateway (SAIG) Enrollment Agreement. As a financial aid director, do you know what the SAIG Agreement means for your department, specifically in regard to data security? Not knowing could be very costly for your school. Below we discuss important SAIG Agreement provisions and how to uphold them.
Cost of Unprotected Information
If your school offers federal funding such as Direct Subsidized/Unsubsidized Loans, PLUS loans or Federal Pell Grants, you must agree to provisions in the SAIG agreement, including the one that states your institution must
“ensure that all Federal Student Aid applicant information is protected from access by or disclosure to unauthorized personnel.”
In a Dear Colleague letter, the FSA states that in addition to the SAIG Agreement, it “requires institutions to comply with the Gramm-Leach-Bliley Act. Under Title V of the Gramm-Leach-Bliley Act, financial services organizations, including institutions of higher education, are required to ensure the security and confidentiality of customer records and information.”
If schools do not ensure the safety of student data related to Student Aid applications, they may be responsible for losses, fines and penalties (including criminal penalties) caused by data breaches.
Are Higher Ed Schools Being Hacked?
Postsecondary institutions are the target of many attempted – and successful – data breaches. According to this infographic about higher ed data security, the Education industry has the second largest number of reported breaches, and 77% of those incidents occurred at higher ed schools.
What Information is at Risk and Why?
And it’s no wonder that hackers are targeting higher ed institutions. College and university financial aid departments require a vault of sensitive information from students and parent applicants in order to assess their eligibility for student aid, including
- Drivers’ license number
- Social security number
- Tax transcripts
- Proof of residency
This information used to be submitted with paper applications that were either mailed or handed in to the financial aid office. In 2013-14, 99% of FAFSA applications were completed online, according to this infographic about FAFSA. Documents are also often submitted via email for follow-up processes like FAFSA verification and SAP appeals.
The issue? Email is not secure and can easily be hacked.
If email was secure, the IRS would have you just email over your tax paperwork every year. Instead, you complete your taxes and either send them in via certified mail or submit them electronically on a secure, data encrypted website like TurboTax.
So what should you do?
To assist schools maintaining the security of student information, Federal Student Aid (FSA) encourages institutions to implement the following standards and practices:
- Assess the risk and magnitude of harm that could result from unauthorized access, use, disclosure, disruption, modification or destruction of information or information systems;
- Determine the levels of information security appropriate to protect information and information systems;
- Implement policies and procedures to cost-effectively reduce risks to an acceptable level; and
- Regularly test and evaluate information security controls and techniques to ensure effective implementation and improvement of such controls and techniques.
Implementing these standards and practices – while extremely important – is easier said than done. This is why the FSA recommends that institutions collaborate with “other organizations dedicated to protection of information systems and the sensitive data they process.”
An Easier Way
We recommend something easier: CampusLogic’s cloud-based software solutions.
StudentVerification and StudentDocuments allow schools to accept document submissions from students via secure, data encrypted platforms.
Our government-grade data encryption and two-step authentication ensure that student information is accessed by only those who should be accessing it.
We have made security a priority, and we our developers and data security experts are dedicated to building a platform where all your students’ data will be safe.
To learn more, fill out our contact form.
If you want to improve your department’s security but you’re not ready to move forward with CampusLogic, check out the checklist and tips we provide in the helpful blog Financial Aid Directors Can Prevent Data Security Breaches.