Skip to content Menu

Advisory Report

NACUBO's Advisory Report 2003-01 includes a summary explanation of the Federal Trade Commission's final regulations on safeguarding consumer information.

Download Report

The FTC Safeguards Rule Promulgated Under the Gramm-Leach-Bliley Act

To protect student information, colleges and universities are required to comply with the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA). By existing law and regulation, the Federal Trade Commission (FTC) is the Safeguard Rule enforcement agency. However, in 2017, NACUBO learned that the Department of Education has proposed adding a GLBA compliance check to the audit requirements for the student financial cluster under the Single Audit Act. NACUBO will update this page as information develops about the new audit requirement.

FTC regulations under 16 CFR Part 314, published in May 2002, mandate extensive new privacy protections for consumers stemming from the Gramm-Leach-Bliley Act. The GLBA requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. The compliance deadline for the safeguards rule was May 23, 2003.

The GLBA broadly defines “financial institution” as any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including “making, acquiring, brokering, or servicing loans” and “collection agency services.” Because higher education institutions participate in financial activities, such as making Federal Perkins Loans, FTC regulations consider them financial institutions for GLBA purposes.

The GLBA spells out several specific requirements regarding the privacy of customer financial information. Following its passage, NACUBO and other higher education associations worked to have colleges and universities exempted from the jurisdiction of the FTC because they did not fit the typical definition of a financial institution under the GLBA. As a result, under regulations promulgated in May 2000, colleges and universities are deemed to be in compliance with the privacy provisions of the GLBA if they are in compliance with the Family Educational Rights and Privacy Act (FERPA). However, higher education institutions are subject to the provisions of the act related to the administrative, technical, and physical safeguarding of customer information.

 

NACUBO's Advisory Report 2003-01 provides a summary and explanation of the FTC final regulations related to the safeguarding of customer information.

GLBA Resources

Compliance with the EU General Data Protection Regulation (GDPR)

In April 2016, the European Union adopted a new set of data protection regulations that expands the personal privacy rights of EU citizens. The effective date of these new regulations was May 25, 2018. These regulations apply even to entities with no physical EU presence as long as they control or process covered personal information of EU residents. Colleges and universities with EU-resident students or faculty should be taking steps to ensure compliance with these new regulations.

GDPR Resources

Additional Data Security Resources

 

Other topics related to Department of Education Regulations are available here: ED Regulations

Contact

Megan Schneider

Assistant Director, Federal Affairs

202.861.2547

mschneider@nacubo.org


News

The EU General Data Protection Regulation Has Arrived. Is Your Campus Ready?

May 29, 2018

Numerous resources are available to help colleges and universities ensure compliance with the new European Union General Data Protection Regulation.


Read Full Article
  • July 31, 2018

    What Did I Miss in Washington? July 10-August 1, 2018

    In this edition: NACUBO guidance on closing out Perkins Loan programs, an update on borrower defense, a new tax bill on Capitol Hill, and more.

    Read More →
  • May 30, 2018

    NACUBO and ACE Issue Update on Global Music Rights Negotiations

    Discussions between NACUBO, the American Council on Education, and Global Music Rights for a public performance license ultimately proved unsuccessful, and the two higher education associations have issued a statement to update institutions on the negotiations.

    Read More →