Gramm-Leach-Bliley Act (GLBA)

Overview

The Gramm-Leach-Bliley Act (GLBA) is designed to ensure the security and confidentiality of customer information maintained by financial institutions. The University of Pittsburgh meets the definition of financial institution because of its participation in the Department of Education's student financial assistance program. 

Key Terms
  • Customers - any person who is provided financial services by the University
  • Customer Information - any record containing non-public personal information about a customer, whether in paper, electronic, or other form that is handled or maintained by or on behalf of the University or its affiliates 
  • Non-Public Information (NPI) - any financial information given by a consumer to a financial institution for the purpose of obtaining a financial product 
  • Financial Institution - institutions that are significantly engaged in financial activities. This includes entities that participate in the Department of Education's student financial assistance program.
  • Financial Product or Service - student loans, employee loans, activities related to extending credit, financial and investment advisory activities, management consulting and counseling activities, community development activities and other miscellaneous financial services 

Regulation Requirements

The University must ensure that all federal student aid applicant information is protected from access by or disclosure to unauthorized personnel.

The security of financial aid information includes the following three mandated procedures:

  1. Institutions must designate an individual to coordinate the information security program
  2. Institutions must perform a risk assessment that addresses three required areas: a) employee training and management; b) information systems, including network and software design, as well as information processing, storage, transmission, and disposal; and c) detecting, preventing, and responding to attacks, intrusions, or other systems failures
  3. Institutions must document a safeguard for each risk identified during risk assessments

Pitt Practices

More information on Pitt's GLBA practices can be found in the GLBA Security Information Program.