Skip to content Menu

Advisory Report

NACUBO's Advisory Report 2003-01 includes a summary explanation of the Federal Trade Commission's final regulations on safeguarding consumer information.

Download Report

The FTC Safeguards Rule Promulgated Under the Gramm-Leach-Bliley Act

To protect student information, colleges and universities are required to comply with the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA). By existing law and regulation, the Federal Trade Commission (FTC) is the Safeguard Rule enforcement agency. However, in 2017, NACUBO learned that the Department of Education has proposed adding a GLBA compliance check to the audit requirements for the student financial cluster under the Single Audit Act. NACUBO will update this page as information develops about the new audit requirement.

FTC regulations under 16 CFR Part 314, published in May 2002, mandate extensive new privacy protections for consumers stemming from the Gramm-Leach-Bliley Act. The GLBA requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. The compliance deadline for the safeguards rule was May 23, 2003.

The GLBA broadly defines “financial institution” as any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including “making, acquiring, brokering, or servicing loans” and “collection agency services.” Because higher education institutions participate in financial activities, such as making Federal Perkins Loans, FTC regulations consider them financial institutions for GLBA purposes.

The GLBA spells out several specific requirements regarding the privacy of customer financial information. Following its passage, NACUBO and other higher education associations worked to have colleges and universities exempted from the jurisdiction of the FTC because they did not fit the typical definition of a financial institution under the GLBA. As a result, under regulations promulgated in May 2000, colleges and universities are deemed to be in compliance with the privacy provisions of the GLBA if they are in compliance with the Family Educational Rights and Privacy Act (FERPA). However, higher education institutions are subject to the provisions of the act related to the administrative, technical, and physical safeguarding of customer information.

 

NACUBO's Advisory Report 2003-01 provides a summary and explanation of the FTC final regulations related to the safeguarding of customer information.

GLBA Resources

Compliance with the EU General Data Protection Regulation (GDPR)

In April 2016, the European Union adopted a new set of data protection regulations that expands the personal privacy rights of EU citizens. The effective date of these new regulations was May 25, 2018. These regulations apply even to entities with no physical EU presence as long as they control or process covered personal information of EU residents. Colleges and universities with EU-resident students or faculty should be taking steps to ensure compliance with these new regulations.

GDPR Resources

Additional Data Security Resources

 

Other topics related to Department of Education Regulations are available here: ED Regulations

Contact

Megan Schneider

Assistant Director, Federal Affairs

202.861.2547

mschneider@nacubo.org


News

The EU General Data Protection Regulation Has Arrived. Is Your Campus Ready?

May 29, 2018

Numerous resources are available to help colleges and universities ensure compliance with the new European Union General Data Protection Regulation.


Read Full Article
  • May 13, 2019

    What Did I Miss in Washington? April 30-May 13, 2019

    In this edition: House appropriators approve increased FY20 funding for ED, the IRS announces retirement and deferred compensation plan audits, and more.

    Read More →
  • January 22, 2019

    What Did I Miss in Washington? January 8-22, 2019

    The Trump administration’s proposed overtime rule moves forward, NASPA provides Title IX NPRM Resources, and more.

    Read More →