WHAT IS GRAMM-LEACH-BLILEY?
The Gramm-Leach-Bliley Act (GLB or Act) requires “financial institutions” (which includes colleges and universities) to protect the privacy of their customers, including customers’ nonpublic, personal information. Because universities are governed by GLB,* Randall University has a responsibility to secure the personal records of its students and employees. To ensure this protection, GLB mandates that all institutions establish appropriate administrative, technical and physical safeguards. In an effort to set safeguarding standards, the Act directs that all financial institutions implement an Information Security Program and designate a program coordinator. Randall University has designated Quentin Loop, Director of Information Technology. The Director of Information Technology will be supported by the Director of the Financial Aid Office, and both will act as co-coordinators.
*GLB also requires financial institutions to provide notice to customers about their privacy policies and practices, but institutions of higher education are generally exempt from this requirement because they already do so under the Federal Educational Rights and Privacy Act (FERPA). Colleges and universities complying with FERPA are considered in compliance with GLB.
The Information Security Program must include five main elements: designation of an employee(s) as coordinator of the information security program, identification of internal and external risks to the security and confidentiality of customer information and evaluation of current safeguards, employee training, oversight of service providers, and evaluation of the information security program.
WHAT IS RANDALL UNIVERSITY DOING IN ORDER TO SAFEGUARD PRIVATE INFORMATION?
Randall University is currently implementing its own Information Security Program, as required by GLB. For greater protection, Randall University’s Plan will safeguard all credit card information even though it may not be strictly required under GLB. Here are the ways Randall University is incorporating the safeguarding elements GLB requires:
1) Information Security Policy Coordinator
Quentin Loop, Director of Information Technology, will serve as the GLB Coordinator. Due to the wide variety of issues necessary in an effective GLB program, it is important that Randall University have these three representatives. Quentin Loop is responsible for the technical aspects of network and computer security. Evan Aldridge represents the Financial Aid office and Louis Rakoczy represents the Registrar’s office. The GLB Lead Coordinator will take the lead in answering any questions concerning Randall University’s GLB program and working closely with the University Administrative Staff to implement Randall University’s Plan. The Coordinators will also interact with relevant University Departments to facilitate safeguarding measures. All general questions regarding Randall University’s Plan should be directed to Quentin Loop, qloop@ru.edu.
2) Risk Identification and Evaluation of Current Safeguards
First, the Coordinators must identify all potential and actual risks to the security and confidentiality of customer information. Under the Coordinator’s guidance, every School or Department head will conduct an annual data security review. The Randall University Administrative Staff will identify any employees who work with covered data and information. The GLB coordinators and the Randall University Administrative Staff (GLBC & RUA) will review procedures, incidents, and responses quarterly, and will publish all relevant materials where the risk of security breach is not likely.
GLBC is developing a registry of all computers connected to the University network and a registry of University community members with access to the covered data and information. GLBC is also creating a plan to ensure the encryption of all electronic covered information in transit.
3) Training
GLBC & RUA are developing training and education programs for all employees with access to covered data, including social security numbers and financial information. Directors and supervisors will play a particularly important part in securing compliance with the information security policy.
4) Oversight of Service Providers
Randall University Business Office, in cooperation with the Randall University Administrative Staff, will develop and send form letters to all covered contractors requesting assurances of GLB compliance. OGC will take steps to ensure that all relevant future contracts will include a privacy clause and that all existing contracts are in compliance with GLB.
5) Program Evaluation
Randall University’s Information Security Plan will be subject to periodic review and adjustment, as required by GLB. Bi-Annual reviews will be conducted within GLBC, while other relevant University offices will undergo regular review. The Information Security Plan itself will be reevaluated annually.