Gramm-Leach-Bliley Act: Safeguarding Customer Information

TO: Deans, Directors, and Department Heads

FROM: Robert F. Pack, Vice Provost and University Customer Information Security Officer

DATE: May 23, 2003

RE: Gramm-Leach-Bliley Act: Safeguarding Customer Information

The Federal Trade Commission has issued regulations describing the actions that the University must take in order to safeguard customer information. In response to the regulations, the University has developed a detailed plan, copy attached, to assist units in complying with the requirement to safeguard such information. Since many University policies, practices, and guidelines already exist to protect such information, this is an opportune time review the documents that are referred to in the plan.

In order to ensure our compliance with the regulations, please take the actions described below:

• Carefully review the plan and determine if any components or activities within your unit are significantly engaged in financial activities that involve the collection or utilization of customer information. Examples of activities that the regulations would apply to include the administration of financial aid, the processing of credit card information, or the collection of any other form of customer information. Following your review, please send me a list of all such activities and describe the nature of extent of their utilization of customer information.

• Appoint an employee to oversee your information safeguards practices. This employee will serve as the liaison between your unit and me as the University’s designated Customer Information Security Officer.

• Assess your current customer information practices; identify vulnerabilities; and take appropriate measures to secure customer information. Suggestions as to how to secure information are included in the plan and are also available at http://www.ftc.gov/privacy/glbact/index.html .

• Send me a description of the practices that are in place to protect the information for every activity that falls under the purview of the regulations.

If you have questions regarding the implementation of the plan, please contact me or Ted Fritz in the Office of General Counsel. Thank you for your attention to this request.

Attachment