The Gramm-Leach Bliley Act (GLBA) Safeguards Rule (16 CFR 314) requires UCA and contracted third-party service providers to protect individuals’ personal information obtained in connection with a financial product or service, such as a student loan. This also applies to any office processing information related to an individual’s having a financial service or product.
The Vice President for Finance & Administration is the Program Coordinator and the Director of Information Security is the Qualified Individual, with the Compliance Office for Finance & Administration responsible for ensuring compliance. Please ask your manager or contact the Compliance Office for more information on whether your department or specific information your department possesses or obtains is subject to the Safeguards Rule. Please contact Information Technology for more information or questions on risks or security measures in place to protect information technology resources.
Please find below materials designed to evidence compliance with the Safeguards Rule and assist departments in identifying threats to information subject to the Safeguards Rule.
- UCA Information Security Program
- Safeguards Rule Certification Form
- Safeguards Rule Questionnaire
- Safeguards Rule Training
- Safeguards Rule Examples
- Incident Response Guide
Departments and units subject to Safeguards Rule compliance are required to certify at least annually that:
- The Information Security Program has been reviewed;
- Employees have been trained on the Program and compliance requirements;
- Risks and safeguards have been addressed and documented; and
- That any applicable contracted service providers comply with the Safeguards Rule.
UCA has developed these materials based in part on guidance and resources published by the Federal Trade Commission (FTC) and, with permission, the University of Minnesota.