Overview

As mandated by the Federal Trade Commission (FTC), the 1999 Gramm-Leach-Bliley Act (GLBA) requires the university to implement appropriate security controls to protect and safeguard the private financial information that it processes during institutional operations . These operations include (but are not limited to): granting financial aid, providing student loans, and the storage, transmission, and sharing of nonpublic private information (NPPI). The Information Security Compliance and Training Team coordinates and administers the GLBA program as outlined in University Policy (50.3.11 [PDF]). Key program components include: periodic risk assessments, an awareness and training program, service provider oversight, remedial activity, and program improvement and adjustment.

Program component details:

1. Risk assessments to be conducted within GLBA departments and service providers who transmit, store, and process Non-Public Private Information (NPI), which are based on the NIST SP 800-171 standard
2. Formalized online training to be provided to all staff of identified GLBA departments
3. Remediation activity plan of action to be implemented to address and correct vulnerabilities revealed in the risk assessments
4. Adjustments made to improve the GLBA program

Review additional resources below for policy and training requirements.