Security Awareness Program: Title IV Data

• Annual documented training of all personnel handling Title IV data
• Annual review of this program
• Implementation of the Data Loss Prevention (DLP) systems

Training for personnel shall include at a minimum:

• Understanding of Student Aid Internet Gateway (SAIG) agreement response to a suspected or known breach (How do I report a Breach)
• How to ensure that all users are aware of and comply with all of the requirements to protect and secure data from Departmental sources using SAIG
  • The Student Aid Internet Gateway (SAIG) Agreement requires that as a condition of continued participation in the federal student aid programs Title IV schools report suspected/actual data breaches
  • Title IV schools must report on the day of detection when a data breach is even suspected
  • The Department has the authority to fine institutions that do not comply with the requirement to self-report data breaches; up to $54,789 per violation per 34 C.F.R. § 36.2
  • The Department has reminded all institutions of this requirement through Dear Colleague Letters (GEN 15-18, GEN 16-12), electronic announcements, and the annual FSA Handbook.  
• Understanding of PII and the LETU Data Classification Policy (Policy 6.2)
• Acceptable Use of Technology Systems at LETU (Policy 6.1)
• Documentation of agreement to all of the above