My NacuboWhy Join: Benefits of Membership

E-mail:   Password:   

 Remember Me? | Forgot password? | Need an online account?

Business and Policy Areas
Business and Policy Areas

GLBA Resources

Compliance with the FTC Safeguarding Rule Promulgated Under the Gramm-Leach-Bliley Act

The regulations under 16 CFR Part 314, published in May 2002 (May 23 Federal Register, p. 346484), stem from the Gramm-Leach-Bliley Act (GLBA) mandates extensive new privacy protections for consumers. The GLBA requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. The compliance deadline for the safeguard rule was May 23, 2003.

The GLBA broadly defines “financial institution” as any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including “making, acquiring, brokering, or servicing loans” and “collection agency services.” Because higher education institutions participate in financial activities, such as making Federal Perkins Loans, FTC regulations consider them financial institutions for GLBA purposes.

The GLBA spells out several specific requirements regarding the privacy of customer financial information. Following passage of the Act, NACUBO and other higher education associations worked to have colleges and universities exempted from the jurisdiction of FTC because they did not fit the typical definition of a financial institution under the GLBA. As a result, under regulations promulgated in May 2000, colleges and universities are deemed to be in compliance with the privacy provisions of the GLBA if they are in compliance with the Family Educational Rights and Privacy Act (FERPA). However, higher education institutions are subject to the provisions of the Act related to the administrative, technical, and physical safeguarding of customer information.

NACUBO's Advisory Report 2003-01 can provide you with a summary and explanation of the FTC final regulations related to the safeguarding of customer information. Compliance deadline: May 23, 2003