For the fiscal year 2024 audit, CU Boulder is required to comply with updates to the Gramm-Leach-Bliley Act (GLBA), which ensures the security and privacy of student data.
While the Office of Information Technology (OIT) and the Campus Controller’s Office (CCO) will be responsible for implementing and documenting the updates, we’re asking departments to let us know if they collect information from students that falls under the scope of GLBA.
What is GLBA?
The GLBA requires CU Boulder to have safeguards in place to ensure the security and confidentiality of nonpublic student and employee information obtained to provide a financial service.
Identifying relevant data in your department
This rule covers most personal information (name, date of birth, social security number, etc.) as well as transactional data (card, bank account numbers), and private information you may acquire during a transaction (a credit report, for instance). Please note this would include financial services provided by the Bursar’s Office and the Office of Financial Aid.
Next steps and support
While OIT and the CCO are aware of the information collected by the Bursar’s Office and the Office of Financial Aid, please contact IT Security Officer Sarah Braun if your department also collects student or employee information related to a financial service. Please also reach out to Sarah if you have any questions.