The GLB Act…
What Is It and How Does It Affect You?
The Gramm-Leach-Bliley (GLB) Act is a law that holds DACC responsible
for ensuring the security and confidentiality of customer financial
information. This law affects us in two ways: 1) as we
serve our customers (students) and 2) as we are customers through our
employment at DACC.
The law basically tells DACC to develop, implement and maintain a
comprehensive security program with 3 objectives:
- To ensure the security and confidentiality of customer information;
- To protect against any anticipated threats to the security or
integrity of such information; and
- To guard against the unauthorized access to or use of such
information that could result in substantial harm or inconvenience to
any customer.
The following definitions will explain the law in greater detail:
Customer Information is any record containing nonpublic
(non-directory), personal information about a customer of a financial
institution, whether in paper, electronic, or another form, that is
handled or maintained by or on behalf of you or your affiliates.
Information Security Program is the administrative, technical,
or physical safeguards you use to access, collect, distribute, process,
protect, store, use, transmit, dispose of, or otherwise handle customer
information.
Service provider is any person or entity that receives,
maintains, or otherwise is permitted access to customer information
through its direct provision of services to a financial institution.
The Information Security Plan Must Have 5 Components:
- Designate an employee or employees to coordinate information
security
- Identify security risks, both internal and external
- Teach employees how to maintain security
- Require service providers to comply with the law
- Continue to monitor network security
How does this work with FERPA?
Colleges and universities are deemed to be in compliance with the
“privacy” provisions of the GLB Act if they are in compliance with the
Family Educational Rights and Privacy Act (FERPA). However,
higher education institutions are subject to the provisions of the Act
related to the administrative, technical, and physical “safeguarding”
of customer information.
How Does this Affect a Faculty Member?
- Any items with student social security numbers (class lists, grade
sheets, financial aid paperwork, etc.) must be kept from student view
and shredded when not in use.
- Faculty need to safeguard student information obtained through
the Student Information System.
- Faculty should understand and practice FERPA-approved policies
and procedures.
- Faculty may be asked to participate in information security
trainings.
- Faculty will be asked to identify any information security risks.
- As a DACC employee, you need to know and understand your right to
keep your financial information confidential.