Gramm Leach Bliley Act (GLBA)
The Gramm Leach Bliley Act (GLBA) is a comprehensive, federal US law enacted to control the way financial institutions handle customers’ personal information. The law requires financial institutions to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of customer information.
Title IV Institutions must protect Federal Student Aid (FSA) applicant information from unauthorized access and disclosure and comply with the GLBA Safeguards Rule. GLBA has also been added to the Free Application for Student Financial Aid (FAFSA) Participation Agreement and the Federal Student Aid Handbook. In 2019, the Office of Management and Budget released the compliance supplement for the FY 2019 federal single audit process which includes the audit objective for the Safeguards Rule. Auditors will be verifying that colleges and universities have 1) appointed coordinators for the institution’s information security program; 2) performed a risk assessment addressing employee training and management, network and systems, and incident response; and 3) implemented safeguards for all risks identified.
Louisiana State University and Agricultural and Mechanical College, hereafter referred to as “the University,” will undertake steps to ensure the University is compliant with the Safeguards Rule by supporting a formal information security program that includes the technology, training, policies, procedures, and processes to achieve compliance and mitigate any identified risks to GLBA-related data and/or personally identifiable information (PII). PII refers to data elements that in combination could result in identification of an individual (I.e. name, date of birth, social security number, address, etc.).
GLBA Committee
The GLBA Committee is a working group of representatives from the University who interact with GLBA-related data and/or PII provided by students and staff.
The GLBA Committee will assist the University in becoming compliant with the GLBA Safeguards Rule and support the information security program to protect all people, processes and technologies that store, transmit or process GLBA-related data and/or PII, including processes for detecting and responding to any potential threats.
This team will discuss findings and develop strategies that will ensure the necessary security controls are implemented and maintained ongoing.
Qualified Individual for LSU is Sumit Jain, CISSP, Director, IT Security and Policy (CISO).
Resources