Financial Information Security Program Regulation (GLBA)

University Policy: 

I.  Executive Summary and Purpose

This document summarizes The University of North Carolina at Charlotte’s (the “Institution’s”) comprehensive written information security program (the “Program”) mandated by the Federal Trade Commission’s Safeguards Rule and the Gramm-Leach-Bliley Act (“GLBA”).  In particular, this document describes the Program elements pursuant to which the Institution intends to:

  1. ensure the security and confidentiality of covered records,
  2. protect against any anticipated threats or hazards to the security or integrity of such records, and
  3. protect against the unauthorized access or use of such records or information in ways that could result in substantial harm or inconvenience to any customer.

The Program incorporates by reference the Institution’s policies and procedures enumerated below, and is in addition to any institutional policies and procedures that may be required pursuant to other federal and state laws and regulations, including, without limitation, the Family Educational Rights and Privacy Act (FERPA).

II. Scope

The Program applies to any record containing nonpublic financial information about a student or other third party who has a relationship with the Institution (“customer”), whether the record in paper, electronic or other form, which is handled or maintained by or on behalf of the Institution or its affiliates.  For these purposes, the term nonpublic financial information shall mean any information:

  1. a student or other third party provides in order to obtain a financial service from the Institution,
  2. about a student or other third party resulting from any transaction with the Institution involving a financial service, or
  3. otherwise obtained about a student or other third party in connection with providing a financial service to that person.

III. GLBA Committee Representatives

Responsibility for developing, implementing and updating this Program lies with the GLBA Committee. The GLBA Committee is chaired by the AVC for Financial Services and consists of representatives from the following areas:

  • Financial Services
  • OneIT Security and Compliance
  • Office of the Bursar
  • Office of Student Financial Aid
  • Office of Ethics, Policy, and Compliance

 Any questions regarding implementation of the Program or the interpretation of this Regulation should be directed to the GLBA Committee.

IV. Financial Information Security Program (GLBA)

The Financial Information Security Program (GLBA) document, supplemental to this Regulation, provides details for implementation of this Regulation.  This supplemental document carries the full force of this Regulation. 

V. Compliance

Failure to comply with this Regulation and its associated documents will be deemed a violation and subject to disciplinary action in accordance with appropriate University policies (University Policy 801, Violation of University Policy).

Revision History: 

Authority: Chancellor

Responsible Office: Business Affairs

Related Resources: