‚Äč
Office of General Counsel

Background Information about the Gramm-Leach-Bliley Act and the University of Akron's response to GLBA

GLBA stands for the Gramm-Leach-Bliley Act, which is a law that was passed by Congress in 1999. Among the many matters the law addresses is the security of non-public financial information. The University has created this website to assist the University community in its efforts to gain a greater understanding of the law, its requirements and its protections.

General Information about GLBA and the University's Response

The Gramm-Leach-Bliley Act (GLBA) is federal legislation that was enacted by Congress in 1999. The primary purpose of GLBA was to reform the banking industry to allow financial institutions to share information.

Colleges and universities are also subject to some of the provisions of GLBA because they collect and maintain financial information about their students and others with whom they interact.

Under the GLBA, the Federal Trade Commission is authorized to issue regulations to carry out GLBA's purposes and to enforce those regulations. The first set of regulations the FTC adopted under GLBA related to the privacy of customer information. These regulations have been in effect for several years, and most people have encountered the results of GLBA's privacy protections in the form of privacy practice notices they receive from their banks and other institutions from which they receive financial services or products. The University of Akron was not required to comply with GLBA's privacy regulations because the regulations contain an exemption for higher education institutions that comply with the Family Educational Rights and Privacy Act (FERPA), which is generally viewed as being more protective than many of the newer federal privacy laws. For more information about The University of Akron's privacy practices, visit the Office of General Counsel's Privacy Practices and Policies web page.

The second set of regulations the FTC adopted under GLBA are the Standards for Safeguarding Customer Information, which seek to protect the security of non-public financial information. These regulations became effective on May 23, 2003 and do not contain an exemption for higher education institutions that comply with FERPA. Therefore, the University has implemented a comprehensive written information security program as part of its GLBA security compliance efforts.

While many of security practices have been in place at the University for some time, the University is committed to complying with the security requirements of GLBA. As part of the comprehensive written information security program, the university is implementing the following:

University Rule 3359-11-10.4 Interim Customer Information Security Policy - It has been recommended that the President approve this interim rule for immediate filing, effective May 23, 2003, to assist the university with its GLBA compliance. The Board of Trustees will then be asked to ratify the rule at its June meeting. While this rule will be filed with the Ohio Legislative Service Commission and will not be effective until ten days after being filed with the LSC, the university is operating as if this rule was effective as of May 23, 2003.

University Rule 3359-11-10.3 Interim Information Technology Security and System Integrity Policy - It has been recommended that the President approve this interim rule for immediate filing, effective May 23, 2003, to assist the university with its GLBA compliance. The Board of Trustees will then be asked to ratify the rule at its June meeting. While this rule will be filed with the Ohio Legislative Service Commission and will not be effective until ten days after being filed with the LSC, the university is operating as if this rule was effective as of May 23, 2003.

Interim Customer Information Security Program Procedures and Protocols - This guidance document is an additional component of the University's Information Security Program and provides more detailed information about the steps the University of Akron currently takes and that the university will implement to provide for the security and integrity of customers' non-public financial information. This document also indicates which departments or individuals within the university will have responsibility for portions of the University's Information Security Program. The Interim Customer Information Security Program Procedures and Protocols is subject to revision as necessary to effectively and efficiently provide for the security of customers' non-public financial information.

The University of Akron

Akron, OH 44325
Phone: 330-972-7111
Contact us
Send mail & deliveries to UA
Text-Only