GLBA Training

Shepherd GLBA Training PowerPoint Presentation

GLBA Information Security Program Approved 11/28/2022

Objectives for GLBA Training
• GLBA Overview
• Safeguards Rule
• Additional Resources
• GLBA Definitions
• Compliance

What is GLBA?
• The Gramm-Leach-Bliley Act (GLBA) is a comprehensive federal law affecting financial institutions. The law requires financial institutions to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of customer information.
• The Federal Trade Commission (FTC) enforces compliance with GLBA.
• The FTC may bring an administrative enforcement action against any financial institution for non-compliance with the GLBA.
• Shepherd University significantly engages in student loan making and provides other financial services to student customers. As such, Shepherd falls within the definition of “financial institution” under GLBA and must comply.
• “Financial Institution” means any institution the business of which is engaging in financial activities.

Examples of Shepherd University Financial Products and Services Covered Under GLBA:

GLBA Privacy Rule
The FTC has officially stated that any college or university that complies with the Federal Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g) and that is also a financial institution subject to the requirements of GLBA shall be deemed to be in compliance with GLBA’s privacy rules if it is in compliance with FERPA (16 CFR 313.1).

GLBA Safeguards Rule
• Shepherd University must comply with the Safeguards Rule.
• The Safeguards Rule requires all financial institutions to develop an information security program designed to protect “customer information.”
• The objectives of the Safeguards Rule are to: Insure the security and confidentiality of customer information; Protect against any anticipated threats or hazards to the security or integrity of such information; and Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
• “Information Security Program” means the administrative, technical, and physical safeguards used by the institution to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information.
• Under Shepherd’s Information Security Program, a GLBA-covered department must assume responsibility for assuring adequate safeguards are in place within its area.

The Information Security Program must include:

Administrative Safeguards include developing and publishing policies, standards, procedures, and guidelines, and are generally within the direct control of a department. Examples include:

Physical Safeguards are generally within a department’s control and include:

Technical Safeguards include the configuration of computing infrastructure and are generally the responsibility of IT Services staff. Departments should be knowledgeable regarding how their digital customer information is safeguarded. If additional technical controls are warranted, departments should work with IT staff to improve safeguards.

GLBA Definitions
Customer Information is any record containing non-public personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of the financial institution or its affiliates.

GLBA applies to customer information obtained in a variety of situations, including:

Examples of Non-public Personal Information (NPI) Include: