GLB Act Resource Page
Compliance with the FTC Safeguarding Rule Promulgated Under the Gramm-Leach-Bliley Act
The regulations under 16 CFR Part 314, published in May 2002 (May 23 Federal Register, p. 346484), stem from the Gramm-Leach-Bliley Act (the GLB Act or the Act) mandates extensive new privacy protections for consumers. The GLB Act requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. The compliance deadline for the safeguard rule was May 23, 2003.
The GLB Act broadly defines “financial institution” as any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including “making, acquiring, brokering, or servicing loans” and “collection agency services.” Because higher education institutions participate in financial activities, such as making Federal Perkins Loans, FTC regulations consider them financial institutions for GLB Act purposes.
The GLB Act spells out several specific requirements regarding the privacy of customer financial information. Following passage of the Act, NACUBO and other higher education associations worked to have colleges and universities exempted from the jurisdiction of FTC because they did not fit the typical definition of a financial institution under the GLB Act. As a result, under regulations promulgated in May 2000, colleges and universities are deemed to be in compliance with the privacy provisions of the GLB Act if they are in compliance with the Family Educational Rights and Privacy Act (FERPA). However, higher education institutions are subject to the provisions of the Act related to the administrative, technical, and physical safeguarding of customer information.
NACUBO's Advisory Report 2003-01 can provide you with a summary and explanation of the FTC final regulations related to the safeguarding of customer information. Compliance deadline: May 23, 2003
- Model Policy #1: Sample A
- Model Policy #2: Catholic University
- Model Policy #3: University of Minnesota (Draft)
- Model Policy #4: Sample B
- Model Policy #5: Shenandoah University
- Notes from May 8 Meeting with FTC Officials
- Notes from COHEAO meeting with FTC Officials on April 23, 2003
Resources
- Catholic University of America, Office of the General Counsel
- Cornell Information Technology Policies
- Federal Trade Commission (FTC) pages on GLB:
- International Association of Privacy Professionals
- Internet2 Middleware Initiative
- Information Security Risk Evaluation at the CERT Coordination Center at Carnegie Mellon
Stay Current
Latest Headlines
Learn
Upcoming Events
- CAO and CBO Collaborations: Leveraging Institutional Capacity to Impact Effectiveness
August 5-6, 2013 - 2013 Planning and Budgeting Forum
September 16-17, 2013
Distance Learning
- WEBCAST: The Higher Education Accounting Forum Online
Wednesday, May 29, 2013 10:00 AM - 5:00 PM ET - WEBCAST: Improve Your NFP Audit and Accounting Guide IQ
Wednesday, June 26, 2013 1:00 PM ET - ON-DEMAND: OD: The Cashless and Paperless Business Office
- ON-DEMAND: Affordable Care Act: Implementation Roadmap for Colleges and Universities
Read
Business Officer
Publications
- A Guide to College and University Budgeting: Foundations for Institutional Effectiveness, 4th ed. - by Larry Goldstein
- NACUBO's Guide to Unitizing Investment Pools - by Mary S. Wheeler
- Managing and Collecting Student Accounts and Loans - by David R. Glezerman and Dennis DeSantis
Connect
NACUBO Opportunities
