The Gramm Leach Bliley Act (GLBA) requires that customer information, which is any record containing non-public personal information provided for the purpose of financial aid or student loans, be handled and managed securely. These requirements apply to information in any format.
Non-public personal information is personally identifiable information that is not publicly available including names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and SSNs.
At USNH institutions, this means any non-public personal information provided to us for the purpose of granting financial aid is subject to specific information protection requirements.
Information provided to the Universities for purposes unrelated to financial aid.
Anyone with access to personally identifiable information provided for the purposes of obtaining financial aid. At USNH institutions, these are the Student Financial Services teams.
GLBA compliance is required and failure to comply can result in oversight by the FTC, financial penalties, and imprisonment.
Only those individuals with a business need to do so are authorized to access information protected by GLBA. At USNH institutions, these individuals primarily work in Student Financial Services. Other campus departments receive information that may bring them into scope for GLBA review based on the source of the information.
Individuals who need this access in order to perform their jobs are provided access using standard request and approval processes. Any access to this information by anyone outside of Business Services and Financial Aid requires approval by the appropriate data stewards.
At USNH institutions, the data steward for GLBA protected information is the Director of Financial Aid. Requests for access must be submitted via the Data Access Request form.
The sharing of information protected by GLBA must follow FERPA procedures. See the FERPA section for more details.
USNH institutions have a legal and ethical responsibility to protect the privacy and security of all data, including PII, regardless of the mechanism used to store it. For specifics on where regulated data, including information protected by GLBA can be stored, see Storage Offerings.
Information stored in electronic formats must be wiped according to the standard set by Enterprise Technology & Services. Equipment used to store and process GLBA protected data that is submitted to the SEED program will be disposed of in the appropriate manner.
Information stored in physical formats must be shredded.
The Gramm-Leach-Bliley Act (GLBA), includes provisions to protect consumers’ personal financial information held by financial institutions. Colleges and universities, including USNH institutions, participate in financial activities, such as making Federal Perkins Loans; therefore, FTC regulations consider them financial institutions for GLBA purposes.
