Gramm Leach-Bailey Act (GLBA)
Effective May 23, 2003, colleges and universities must be in compliance with Federal Trade Commission (FTC) rules relating to safeguarding of customer financial information. The regulations stem from the requirement of the Gramm Leach-Bailey Act (GLBA) which requires institutions to take steps to ensure the security and confidentiality of non-public records, such as, bank and credit card account numbers, income and credit histories, and Social Security numbers. Higher education institutions are subject to the provisions related to the administrative, technical, and physical safeguarding of information in providing services such as student loans.
The Bursar's Office provides information for the following:
- Disbursement of financial aid.
- Maintains the accounts receivables files which contain sensitive information
- Provides information for repayment, deferment, delinquency and advancement of Federal Perkins and Institutional loans
- Maintains the files for these loans which contain sensitive information.
The Bursar's office has implemented the following procedures to insure confidential and secure responses to all inquiries and protect customer information.
- Obtain a completed statement of "Financial Responsibility" each academic year from students
- Discuss account information with student or responsible parent/guardian only
- Verify who the caller is by confirming with "Financial Responsibility" information
- Confirm who the caller is by requesting social security # or date of birth for student
- Discuss account information with authorized person(s) only
- The doors to the office will be locked when office is vacated
- Access to student files will be restricted to staff members and authorized individuals
- All staff members will have a signed confidentiality agreement on file in the Human Resources Office
- Lock or turn off computers when not in use
- Computer monitors will not be in public view
- Remove paper from fax and copier promptly
- Dispose of all sensitive paper by shredding or discard in the locked Confidential waste bin
- Network drives will be used to store all sensitive information
- Change passwords on a regular basis
- Passwords will not be shared
- Passwords, if written down, will be kept private
- Report any suspected security breach immediately to the Bursar