What is GLBA?
- The Gramm Leach Bliley Act (GLBA) is a comprehensive federal law affecting financial institutions. The law requires financial institutions to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of customer information.
- The Federal Trade Commission (FTC) enforces compliance with GLBA.
- The FTC may bring an administrative enforcement action against any financial institution for non-compliance with the GLBA.
- Purdue University significantly engages in student loan making and provides other financial services to student customers. As such, Purdue falls within the definition of “financial institution” under the GLBA and must comply with the law’s requirements.
- “Financial Institution” means any institution the business of which is engaging in financial activities.
- Examples of Purdue University Financial Products and Services Covered Under GLBA:
- Student loans, including receiving application information, and the making and servicing of such loans
- Financial advisory services (very limited at Purdue)
- Collection of delinquent loans
- Check cashing services
- Tax planning (very limited at Purdue)
- Obtaining information from a consumer report
- Career counseling services for those seeking employment in finance, accounting or auditing
- The GLBA is composed of several parts, including:
- the Privacy Rule (16 CFR 313) and
- the Safeguards Rule (16 CFR 314)
GLBA Privacy Rule
- The FTC has officially stated that any college or university that complies with the Federal Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g) and that is also a financial institution subject to the requirements of GLBA shall be deemed to be in compliance with GLBA’s privacy rules if it is in compliance with FERPA (16 CFR 313.1).
