The Gramm-Leach-Bliley Act (GLBA) was signed into law in 1999 with the intention of protecting the privacy and security of personal financial information. The privacy section of the GLBA requires financial institutions to provide a privacy notice to their customers and to restrict what non-public personal information about customers they share with third parties. The security section addresses the security, confidentiality, and integrity of personal information in the custody of financial institutions.
Because universities and colleges participate in financial activities associated with financial aid, they are considered financial institutions for the purposes of the GLBA. While the GLBA requires financial institutions to comply with its privacy regulations, universities and colleges have been excluded from that requirement, provided they are in compliance with the privacy provisions of the Family Educational Rights and Privacy Act (FERPA).
However, institutions are not exempt from the security safeguarding regulations. The final rules on Safeguarding Customer Information contained at 67 Fed. Reg. 36484 (May 23, 2002) do not exempt educational institutions, and thus institutions must adopt an information security program by May 23, 2003. Key compliance requirements include designating an employee to coordinate an information security program, identifying risks to the security of customer information (including a risk assessment of computer information systems), and contractually requiring service providers to implement and maintain security safeguards.
Creighton University is committed to satisfying the law in all its financial processes. This site provides detailed information on University policies and standards designed to facilitate compliance with GLBA.