Gramm-Leach-Bliley Compliance

The Gramm-Leach-Bliley Act (GLBA or Act) requires "financial institutions" (a term that includes colleges and universities) to protect the privacy of their customers, including customers' nonpublic, personal information. Because universities are governed by GLBA, Western Michigan University has a responsibility to secure the personal records of its students and employees. To ensure this protection, GLBA mandates that all institutions establish appropriate administrative, technical, and physical safeguards.

By customer information, the Gramm-Leach-Bliley Act means information typically gathered in connection with obtaining a financial product or service; this includes, but is not limited to, names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers.

To set safeguarding standards, the Act directs that all financial institutions implement an Information Security Program and designate a program coordinator.

The Information Security Program must include five main elements:

  1. Designation of an employee or employees as coordinator of the information security program;
  2. Identification of internal and external risks to the security and confidentiality of customer information and evaluation of current safeguards;
  3. Employee training;
  4. Oversight of service providers; and,
  5. Evaluation of the information security program.

Last Revised: December 2014 | WMU is grateful for the support of Purdue University in the development of its GLB policy. All adapted work is used with permission.