RESOLUTION
CONCERNING
GRAMM-LEACH-BLILEY ACT COMPLIANCE
January 27, 2006
WHEREAS, Federal Trade Commission (FTC) rules implementing the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, et seq. (GLBA) require that financial institutions develop, implement and maintain a comprehensive written information security program that contains administrative, technical, and physical safeguards appropriate to the size and complexity of the institution, the nature and scope of its activities, and the sensitivity of the customer information or data at issue, and
WHEREAS, Because higher education institutions participate in financial activities, such as making Federal Perkins Loans, FTC regulations consider them financial institutions for GLBA purposes, and
WHEREAS, Information security as referred to in GLBA pertains not only to securing of electronic information, devices, and media but also to paper files and physical locations, and
WHEREAS, The FTC rules set forth the elements that a financial institution is required to include in its information security program, which are intended to create a framework for developing, implementing, and maintaining the required safeguards, and
WHEREAS, Institutions may tailor their programs, at their own discretion, to address their individual circumstances and needs, and
WHEREAS, The rules required that all institutions initially develop and implement a written GLBA information security program no later than May 23, 2003, and
WHEREAS, GLBA information security programs were initially implemented by each university and the System Office prior to the implementation of the CSU Systemwide Information Security Policy, therefore be it
RESOLVED, That each university and the System Office shall maintain a Gramm-Leach-Bliley Act (GLBA) compliance policy conforming to the safeguarding requirements of the GLBA (16 CFR Part 314) and other applicable statutes and regulations, and consistent with the CSU Systemwide Information Security Policy, and be it further
RESOLVED, That each university and the System Office shall review and update its GLBA compliance policy as conditions warrant, but not less than every three years; with the first review and any necessary revisions to be completed by June 30, 2006, and be it further
RESOLVED, That each university and the System Office shall conduct training annually for all appropriate employees regarding GLBA compliance, and be it further
RESOLVED, That each university and the System Office shall annually provide to the Board of Trustees a report detailing the GLBA training provided at their location.
A Certified True Copy:
Lawrence D. McHugh
Chairman