Gramm Leach Bliley Information Security Program

The Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Modernization Act of 1999, is a federal law that includes provisions to protect consumers’ personal financial information held by financial institutions. A portion of these regulations is applicable to colleges and universities and requires that the University establish and periodically revise an information security program.

All offices and individuals campus-wide who are engaged in the following activities or practices are required to participate in the Gramm Leach Bliley Information Security Program:

  • Academic and administrative offices that handle electronic or printed personnel records, financial records, transactional records, or student records.
  • Academic and administrative offices that transmit confidential information (protected data) to off-site locations as part of a periodic review or submission requirement.
  • Centers and Institutes that provide services and acquire personal or financial information from participants or constituents.
  • Faculty serving as directors, coordinators, principal investigators, or program directors for programs collecting protected data.
  • Faculty, staff, and administrators with contracts to use, access, or provide protected data to or receive from a non-campus entity (e.g., government databases, science databases).
  • Performing arts organizations that collect patron information.

UCLA set forth a comprehensive GLB Information Security Program that would serve as a guide for how all information security, in both paper and electronic format, would be maintained on this campus. Information covered under the plan is defined by three categories:

  • Personally Identifiable Information (PII) – Also known as protected data, PII includes first and last name, social security number, date of birth, home address, home telephone number, academic performance record, physical description, medical history, disciplinary history, gender, and ethnicity.
  • Financial Information – Information that the University has obtained from employees, alumni, auxiliary agencies, customers, external program participants, or the like in the process of offering a financial product or service, or conducting a program. Examples include bank and credit card account numbers, and income and credit histories.
  • Student Financial Information – Information that the University has obtained from a student in the process of offering a financial product or service, or such information provided to the University by another financial institution. Examples include student loans, income tax information received from a student’s parent when offering a financial aid package, bank and credit card account numbers, and income and credit histories.

 

All departments that handle or maintain protected data must perform a risk assessment of their areas and put safeguards in place to secure personally identifiable, financial, and student financial information. Administrators are responsible for educating all department personnel about information security best practices in their respective areas. In addition, oversight must be provided to service providers who are given access to protected data or may come in contact with protected data while carrying out contracted service responsibilities.

The complete Gramm Leach Bliley Information Security Program, including a responsibilities matrix, is available on the ITS Web site at: www.bayamonworkingtools.net/its/guidelines.