ULM fails to meet federal cyber safety requirements

Audit reports student privacy may not be adequately protected

In its most recent audit, the Louisiana Legislative Auditor discovered ULM may not have done enough to protect student privacy. 

Although no allegation of a student data breach has been issued, ULM doesn’t meet federal requirements set by the Gramm-Leach-Bliley Act in 1999. 

The act requires financial institutions to explain their information-sharing practices to their customers and to safeguard their data. 

ULM already has safeguards in place through Banner and annual employee training. However, the safeguards have yet to be formally identified. 

According to the LLA report, ULM must submit “a formal documented risk assessment” to meet the requirements.   

Before the LLA report was issued, ULM contracted an external independent firm to conduct the missing risk assessment, according to Vice President Michael Camille of Information Services and Student Success. 

The assessment should be complete by May 31. Camille ensures ULM will “go over the recommendations in the report and address every risk.”

ULM’s Office of Information Technology collaborates with other universities in the Louisiana System to choose the best practices for securing student data, according to Camille. 

Also, systems used by the university, like Banner, are monitored by multiple outside security authorities. 

Chance Eppinette, the director of Information Technology, said he thinks the university’s current safeguards are strong enough but the final risk assessment report is needed to be certain. 

 “ULM is always looking to identify new opportunities to enhance our security methods,” Eppinette said. 

The decision to add new security precautions will depend on the results of the assessment, according to Eppinette.