Gramm-Leach-Bliley Act (GLBA)

St. Olaf College is mandated by the Federal Trade Commission’s Safeguard Rules and the Gramm-Leach-Bliley Act (GLBA) to protect customer financial information.  Our responsibility covers the data and information held by the college as well as that held by 3rd parties hired by the college.  St. Olaf is responsible for ensuring the security and confidentiality of these covered records and for protecting this information against hazards and unauthorized access.  The Controller serves as the college’s GLBA Security Officer.

This protected data (also called Non-Public Information, or NPI) is defined as any sensitive data or information the college obtains in connection with, or resulting from, providing a financial product or service to an individual.  NPI does not include information that we have a reasonable basis to believe is lawfully made “publicly available.”  Information is not considered protected when the information is generally made lawfully available to the public and/or the individual can direct that it not be made public and has not done so.  Protected data can include, but is not limited to, tax return information, bank and credit card account numbers, income and credit histories, and social security numbers.

GLBA has an extensive training and compliance requirement.  The Controller has developed and is responsible for overseeing the college-wide GLBA Information Security plan.

See Appendix A for a more complete listing of data elements covered by GLBA.  The Treasurer’s website http://www.stolaf.edu/services/treasurer/TBA contains more detailed information about the GLBA requirements and employee responsibilities.