Gramm-Leach-Bliley Act (GLBA) Compliance Program
The Gramm-Leach-Bliley Act, (GLBA) addresses safeguarding and maintaining the confidentiality of customer information held in the possession of financial institutions such as banks and investment companies. GLBA contains no exemption for colleges or universities. As a result, educational entities that engage in financial activities, such as processing student loans, are required to comply.
In order to continue to protect private information and data and to comply with the provisions of the Federal Trade Commission's safeguard rules implementing applicable provisions of the GLBA, the University has adopted this Compliance Program for certain highly critical and private financial and related information. The Compliance Program forms part of the overall strategic information security program of the University. This program applies to customer financial information (covered data) the University receives during business as required by GLBA as well as other confidential financial information the University has voluntarily chosen as a matter of policy to include within its scope.
GLBA Compliance Program
The GLBA Compliance Program covers the entirety of the activities and practices of the following offices and individuals:
- Academic and administrative offices that handle electronic or printed personnel records, financial records, transactional records, or student records.
- Academic and administrative offices that transmit confidential information (protected data) to off-site locations as part of a periodic review or submission requirement.
- Centers and Institutes that provide services and acquire personal or financial information from participants or constituents.
- Faculty serving as directors, coordinators, principal investigators, or program directors for programs collecting protected data.
- Faculty, staff, and administrators with contracts to use, access, or provide protected data to or receive from a non-campus entity (e.g., government databases, science databases).
Categories of Information under the Plan
Student Financial Information: Information that the University has obtained from a student in the process of offering a financial product or service, or such information provided to the University by another financial institution.
Personal Identifiable Information (PII): Also known as protected information, which is personal data on or about the individual
Financial Information: Information that the University has obtained from employees, alumni, auxiliary agencies, patrons, external program participants, or the like in the process of offering a financial product or service or conducting a program