Safeguards in Action: A Practical Roadmap for GLBA Compliance, Risk, and Communication (separate registration is required)

Tuesday, April 28, 2026 | 8:00AM–4:00PM PT | Pacific Ballroom A, Second Floor
Session Type: Preconference Workshop
Delivery Format: Additional Fee Program

Universities increasingly function as "financial institutions" under the Gramm-Leach-Bliley Act (GLBA), requiring demonstrable protection of nonpublic personal information and clear accountability for information security programs. The Federal Trade Commission's (FTC) amended Safeguards Rule now specifies key expectations, including designating a Qualified Individual, risk assessments tied to controls, continuous monitoring or routine testing, vendor oversight, multifactor authentication and encryption, board reporting, and incident reporting to the FTC for certain breaches. This all raises the bar on how higher education implements and evidences compliance. 

This full-day, hands-on workshop will focus on all three pillars of GLBA?Safeguards, Privacy, and Pretexting?bringing together cybersecurity and privacy professionals to collaborate on practical solutions that strengthen compliance and protect institutional data. Attendees will use worksheets and templates to inventory what already exists, identify essential stakeholders, and map responsibilities. We will compare risk assessment methodologies and demonstrate how to leverage existing practices (e.g., FERPA processes, audit cycles, HECVAT/vendor reviews) without duplicating efforts. We will practice communication strategies to gain allies, secure leadership support, and prepare board-level updates. Participants will leave with a starter roadmap, prioritized action items, and artifacts they can immediately use on campus. 

Interactive roundtables will surface what peers are doing, common pitfalls, and practical ways to demonstrate institutional value?protecting students, enabling operations, and meeting Title IV expectations. 

By the end of this workshop, participants will be able to:

  • Define and structure a GLBA compliance program that addresses Safeguards, Privacy, and Pretexting, and identify key stakeholders and responsibilities.
  • Apply risk assessment methodologies to prioritize controls and leverage existing campus processes for efficiency and compliance.
  • Develop a practical roadmap and communication strategies to gain leadership support, engage privacy and security teams, and prepare board-level updates.

Presenters

  • Elizabeth Cole-Walker

    Information Security Specialist, North Carolina State University
  • Wendy Epley

    Associate Director of Cybersecurity, Arizona State University
  • Jason Klinger

    Security Advisor, CampusGuard
  • Anne Koors

    Lead Security Analyst, Northeast Wisconsin Technical College
  • Greg Lewis

    Security Advisor, CampusGuard
  • Tim Schwab

    Chief Information Security Officer, The University of Arizona