Policy 07:19:00 Protection of Consumer Information Under the Gramm-Leach-Bliley Act

Revision Responsibility: Coordinator of IT Services
Responsible Executive Office: Chief Financial Officer

Purpose: The purpose of this policy is to describe Platt College's policies and procedures for complying with the specific requirements set forth in the federal Gramm-Leach-Bliley Act (GLB Act). This policy describes how the College protects information specifically covered under the GLB Act.

Summary of Requirements of GLB Act: The GLB Act requires “Financial Institutions,” defined below, including colleges, to protect non-public personal information that is collected from an individual who obtains or has obtained a financial product or service from the institution for personal, family or household purposes. Financial products or services offered by Platt and covered by the GLB Act include student loans. Examples of information that would require protection include tax returns, Social Security numbers or other non-public or personal information that is collected for purposes of providing these services.

The safeguarding regulations of the GLB Act (“Safeguards Rule”) require that covered institutions, such as USC, develop, implement and maintain a comprehensive information security plan that includes administrative, technical and physical safeguards to protect the information covered by the GLB Act. The plan must describe how USC protects customer information.

Definitions:

Covered Data and Information
Student Financial Information
Financial Institution An institution significantly engaged in financial activities, which include:
Financial Product or Service A financial product or service covered under the GLB Act includes the following:
Consumer Someone who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family or household purposes, or that person’s legal representative. Examples include:
Customer Customers are consumers who have a continuing relationship with a financial institution. Examples include:
Non-Public Personal Information Any personally identifiable financial information that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise publicly available. Examples include:
Policy: Platt College complies with the Safeguards Rule in accordance with the GLB Act, which includes:
Employee Designation The Coordinator of IT is responsible for day-to-day management and oversight of the Safeguards Rule of the GLB Act. The following offices will specifically assist in protecting data covered by the GLB Act:
Each of these offices continues to implement security procedures to comply with the GLB Act.

Training

Since 2015, College employees who have access to customer information undergo a background check prior to hire. All individuals who access student education records must complete a training program regarding the Family Educational Rights and Privacy Act (FERPA) before they are provided access to systems that maintain this information. The requirements of the Safeguards Rule are incorporated into the annual FERPA training that all College employees complete.

Procedures:

Incident Reporting

Incidents of actual or suspected security breaches must be reported immediately to the Coordinator of IT Services, Mark Finken at 303.369.5151 ext 241. All incidents of security breaches should be reported to [email protected] with the (a) date of breach, (b) impact of breach, (c) method of breach, (d) information security program point of contact, and (e) remediation status including next steps. The Education Security Operations Center (ED SOC) may be reached at 202-245-6550 (24/7).

Implementing Safeguards

Platt College has several formal policies and procedures that address information security of the data covered by the GLB Act as well as consequences for failing to maintain the confidentiality of certain information, including:
Platt College incorporates the following safeguards, as appropriate:

Monitoring and Auditing

Compliance with the GLB Safeguards Rule shall be monitored regularly. The Coordinator of IT Services will conduct periodic internal audits to ensure compliance with federal and state laws and regulations as well as College policy.

Resources

Federal Trade Commission:
U.S. Senate Committee on Banking, Housing and Urban Affairs: Information Regarding the Gramm-Leach-Bliley Act of 1999

Created in new format: June 1, 2018