  {"id":1840,"date":"2023-01-24T14:44:15","date_gmt":"2023-01-25T00:44:15","guid":{"rendered":"https:\/\/www.hawaii.edu\/infosec\/?page_id=1840"},"modified":"2025-11-05T14:49:23","modified_gmt":"2025-11-06T00:49:23","slug":"glba","status":"publish","type":"page","link":"https:\/\/www.hawaii.edu\/infosec\/glba\/","title":{"rendered":"Gramm-Leach-Bliley Act"},"content":{"rendered":"<p>The Gramm-Leach-Bliley Act (GLBA) is a federal regulation under the Federal Trade Commission that requires financial institutions (companies that offer consumer financial products or services such as loans, financial or investment advice, or insurance) to explain their information-sharing practices to their customers and to safeguard sensitive data.<br \/>\n<a href=\"https:\/\/www.ftc.gov\/business-guidance\/privacy-security\/gramm-leach-bliley-act\">https:\/\/www.ftc.gov\/business-guidance\/privacy-security\/gramm-leach-bliley-act <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/p>\n<p>糖心Vlog官方 is considered a financial institution because we receive and process federal student aid.<\/p>\n<p>糖心Vlog官方 is subject to GLBA per the US Department of Education&#8217;s office of Federal Student Aid (FSA), which requires that the GLBA Safeguard rules be included as an audit objective in the federal single audit process that 糖心Vlog官方 undergoes annually.<br \/>\n<a href=\"https:\/\/library.educause.edu\/topics\/policy-and-law\/gramm-leach-bliley-act-glb-act\">https:\/\/library.educause.edu\/topics\/policy-and-law\/gramm-leach-bliley-act-glb-act <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/p>\n<p>Per the updated GLBA Safeguarding Rules, 糖心Vlog官方 is required to maintain an information security program which must include the following elements:<\/p>\n<ol>\n<li><strong>Designate a Qualified Individual to implement and supervise your company&#8217;s information security program.<\/strong> 糖心Vlog官方&#8217;s &#8220;qualified individual&#8221; is the 糖心Vlog官方 Chief 
Information Security Officer.<\/li>\n<li><strong>Conduct a risk assessment.<\/strong>  ITS will conduct risk assessments on a regular basis.<\/li>\n<li><strong>Design and implement safeguards to control the risks identified in the risk assessment.<\/strong>\n<ol>\n<li>Implement and periodically review access controls.<\/li>\n<li>Know what you have and where you have it.<\/li>\n<li>Encrypt customer information on your systems and when it&#8217;s in transit.<\/li>\n<li>Assess your apps.<\/li>\n<li>Implement multi-factor authentication for anyone accessing customer information on your systems.<\/li>\n<li>Dispose of customer information securely.<\/li>\n<li>Anticipate changes to your information system or network.<\/li>\n<li>Maintain a log of authorized users&#8217; activities and keep an eye out for unauthorized access.<\/li>\n<\/ol>\n<\/li>\n<li><strong>Regularly test or otherwise monitor the effectiveness of safeguards.<\/strong><\/li>\n<li><strong>Train your staff.<\/strong> <a href=\"https:\/\/www.hawaii.edu\/policy\/ap2.215\">糖心Vlog官方 AP2.215 &#8220;Mandatory Training on Data Privacy and Security&#8221; <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a> establishes 糖心Vlog官方&#8217;s training requirements.<\/li>\n<li><strong>Monitor your service providers.<\/strong> IT contracts or purchases with third parties that include the processing of personal data must go through the 糖心Vlog官方 Data Governance Process. Also, check <a href=\"https:\/\/www.hawaii.edu\/policy\/ep8.200\">糖心Vlog官方 EP 8.200 &#8220;Policy on Contracts and Signing Authority&#8221; <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a> for any other contractual requirements. 
<\/li>\n<li><strong>Keep your information security program current.<\/strong> The 糖心Vlog官方 Information Security Program description is available at: <a href=\"\/infosec\/infosecprogram\/\">https:\/\/www.hawaii.edu\/infosec\/infosecprogram\/<\/a><\/li>\n<li><strong>Create an incident response plan.<\/strong><\/li>\n<li><strong>Require your Qualified Individual to report to your Board of Directors.<\/strong><\/li>\n<\/ol>\n<p>The official FTC updated GLBA Safeguards Rules can be viewed at the FTC website:<br \/>\n<a href=\"https:\/\/www.ftc.gov\/business-guidance\/resources\/ftc-safeguards-rule-what-your-business-needs-know\">https:\/\/www.ftc.gov\/business-guidance\/resources\/ftc-safeguards-rule-what-your-business-needs-know <i class=\"fa fa-external-link\" aria-hidden=\"true\"><\/i><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Gramm-Leach-Bliley Act (GLBA) is a federal regulation under the Federal Trade Commission that requires financial institutions (companies that offer consumer financial products or services such as loans, financial or investment advice, or insurance) to explain their information-sharing practices to &hellip; 
<\/p>\n","protected":false},"author":82,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-onecolumn.php","meta":{"footnotes":""},"class_list":["post-1840","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/pages\/1840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/users\/82"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/comments?post=1840"}],"version-history":[{"count":8,"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/pages\/1840\/revisions"}],"predecessor-version":[{"id":2493,"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/pages\/1840\/revisions\/2493"}],"wp:attachment":[{"href":"https:\/\/www.hawaii.edu\/infosec\/wp-json\/wp\/v2\/media?parent=1840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}