The Gramm Leach Bliley Act (GLBA) requires that customer information, which is any record containing non-public personal information provided for the purpose of financial aid or student loans, be handled and managed securely. These requirements apply to information in any format.
Non-public personal information is personally identifiable information that is not publicly available including names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and SSNs.
At UNH, this means any non-public personal information provided to us for the purpose of granting financial aid is subject to specific information protection requirements.
Information provided to the University for purposes unrelated to financial aid.
Anyone with access to personally identifiable information provided for the purposes of obtaining financial aid. At UNH, this is the Business Services and Financial Aid teams.
GLBA compliance is required and failure to comply can result in oversight by the FTC, financial penalties, and imprisonment.
Only those individuals with a business need to do so are authorized to access information protected by GLBA. At UNH, these individuals work in Business Services and Financial Aid.
Individuals who need this access in order to perform their jobs are provided access using standard request and approval processes. Any access to this information by anyone outside of Business Services and Financial Aid requires approval by the appropriate data stewards.
At UNH, the data steward for GLBA protected information is the Director of Financial Aid. Requests for access must be submitted via the Data Access Request form.
The sharing of information protected by GLBA must follow FERPA procedures. See the FERPA section for more details.
UNH has a legal and ethical responsibility to protect the privacy and security of all data, including PII, regardless of the mechanism used to store it. For specifics on where regulated data, including information protected by GLBA can be stored, see Storage Offerings.
Information stored in electronic formats must be wiped according to the standard set by Enterprise Technology & Services. Equipment used to store and process GLBA protected data that is submitted to the SEED program will be disposed of in the appropriate manner.
Information stored in physical formats must be shredded.
The Gramm-Leach-Bliley Act (GLBA), includes provisions to protect consumers’ personal financial information held by financial institutions. Colleges and universities, including USNH institutions, participate in financial activities, such as making Federal Perkins Loans; therefore, FTC regulations consider them financial institutions for GLBA purposes.
