Gramm-Leach-Bliley Act ("GLBA")
Summary
The Gramm-Leach-Bliley Act (Public Law 106-102) was signed into law on November 12, 1999 as part of an effort to enhance competition in the financial services industry. Section 501 of this Act calls for the protection of non-public personal information. Section 501(a) states, "It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information." Institutions of higher education are considered financial institutions under this Act due to their role in servicing student loans.
In 2000, the Federal Trade Commission published a Final Rule entitled Privacy of Consumer Financial Information. This Rule was published to implement privacy provisions of GLBA . However, institutions of higher education do not have to conform to this rule due to the fact that the privacy of student information is already protected under the Family Educational Rights and Privacy Act ("FERPA").
In 2001, the Federal Trade Commission published a Final Rule entitled Standards for Safeguarding Customer Information. This Rule states that financial institutions must "[...] develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue." (16 CFR 314.3) Within the scope of its role as a financial institution, institutions of higher education are required to conform with this rule.
Resources
- Gramm-Leach-Bliley Act (Public Law 106-102)
- Privacy of Consumer Financial Information; Final Rule (16 CFR 313)
- Standards for Safeguarding Customer Information; Final Rule (16 CFR Part 314)
Revision History
Last Reviewed: 03/13/2014