Gramm-Leach-Bliley Act (GLBA) Safeguards Rule

The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requires Frostburg State University to implement safeguards to insure the security and confidentiality of certain non-public customer information. The Safeguards Rule protects certain private information identifiable to individuals that is obtained when the University offers or delivers a financial product or service to them. The University must develop, implement, and maintain a comprehensive information security program containing administrative, technical and physical safeguards that are appropriate based upon the University's size, complexity and the nature of its activities. The following materials are provided for training and education purposes.

• • • • How does the University comply with the GLBA Safeguards Rule?

        Information Security Program (pdf)
        
        This document describes how the University complies with the GLBA Safeguards Rule. All units that handle or maintain covered data must follow the Information Security Program.

      • How do I know if my unit handles or maintains information that is protected under the GLBA Safeguards Rule? If so, what am I required to do under the University’s Information Security Program in relation to this data?

        The following documents can help you determine if you handle or maintain customer information protected under the GLBA Safeguards Rule, and if so, what steps you must take to safeguard that data.
        
        GLBA Safeguards Rule Decision Tree (pdf)
        
        Use this chart to determine if your unit handles or maintains customer information that must be protected under the GLBA Safeguards Rule.
        
        GLBA Compliance Guidance and Certification Form (pdf)
        
        To be completed annually by colleges and administrative units that handle or maintain covered customer information. Submit to the Office of Information Technology.

      • I’d like to understand more about the GLBA Safeguards Rule. Where can I locate additional training and examples?

        The following documents provide an overview of the GLBA Safeguards Rule regulation as well as examples of financial services or products and a reference guide of in-scope and out-of-scope activities.
        
        GLBA Safeguards Rule: Examples of Financial Services or Products (pdf)
        Many University departments will not have exposure to the Safeguards Rule. However, units should review this list of activities that can subject a department or program to the law, and examples of customer information that must be protected.
        
        GLBA Safeguards Rule: Reference Guide (pdf)
        This chart provides examples of in-scope and out-of-scope at the University.
        
        Complying with the Safeguards Rule
        Guidance document provided by the Federal Trade Commission.