The Gramm-Leach-Bliley Act was signed into law in 1999 and is applicable to financial institutions, including colleges and universities. Under GLBA, institutions are obliged to protect customer financial information. The GLBA requires companies and organizations to ensure the security of personally identifying information of financial institution customers, such as names, addresses, account and credit information, and Social Security numbers. In addition, the GLBA sets forth extensive privacy rules, which require covered financial institutions to provide customers with privacy statements describing company privacy practices. However, the Federal Trade Commission’s (FTC) regulations implementing the GLBA specifically provide that colleges and universities will be deemed to be in compliance with the privacy provisions of the GLBA if they are in compliance with FERPA.
More information on GLBA can be found at