University of Minnesota
Controller's Office
http://controller.umn.edu/
612-624-1617 or controller@umn.edu

Gramm-Leach-Bliley Act: Safeguards Rule

The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requires the University of Minnesota to implement safeguards to ensure the security and confidentiality of certain non-public customer information. The Safeguards Rule protects certain private information identifiable to individuals that is obtained when the University offers or delivers a financial product or service to them. The University must develop, implement, and maintain a comprehensive information security program containing administrative, technical and physical safeguards that are appropriate based upon the University's size, complexity and the nature of its activities. The following materials are provided for training and education purposes.

How does the University comply with the GLBA Safeguards Rule?

University’s Information Security Program (pdf)

This document describes how the University complies with the GLBA Safeguards Rule. All units that handle or maintain covered data must follow the Information Security Program.

How do I know if my unit handles or maintains information that is protected under the GLBA Safeguards Rule? If so, what am I required to do under the University’s Information Security Program in relation to this data?

The following documents can help you determine if you handle or maintain customer information protected under the GLBA Safeguards Rule, and if so, what steps you must take to safeguard that data.

  • GLBA Safeguards Rule Decision Tree (pdf)
    Use this chart to determine if your unit handles or maintains customer information that must be protected under the GLBA Safeguards Rule.
  • Certification Form (pdf)
    To be completed annually by colleges and administrative units that handle or maintain covered customer information. Submit to the Controller’s Office.

I’d like to understand more about the GLBA Safeguards Rule. Where can I locate additional training and examples?

The following documents provide an overview of the GLBA Safeguards Rule regulation as well as examples of financial services or products and a reference guide of in-scope and out-of-scope activities.

  • GLBA: Implementation of the Safeguards Rule (ppsx)
    This document provides information regarding current and future exposure to and compliance with the law.

  • GLBA Safeguards Rule: Examples of Financial Services or Products (pdf)
    Most University departments will not have exposure to the Safeguards Rule. However, units should review this list of activities that can subject a department or program to the law, and examples of customer information that must be protected.

  • GLBA Safeguards Rule: Reference Guide (pdf)
    This chart provides examples of in-scope and out-of-scope activities at the University.