

The regulations under 16 CFR Part 314, published in May 2002 (May 23 Federal Register, p. 346484), stem from the Gramm-Leach-Bliley Act (the GLB Act or the Act), which was enacted in 2000 to repeal Depression-era restrictions under the Glass-Steagall Act that prohibited banks from engaging in “risky” financial practices.

The law mandates extensive new privacy protections for consumers. The GLB Act requires financial institutions to take steps to ensure the security and confidentiality of customer records, such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers.

Colleges and universities are deemed to be in compliance with the privacy provisions of the GLB Act if they are in compliance with the Family Educational Rights and Privacy Act (FERPA). However, higher education institutions are subject to the provisions of the Act related to the administrative, technical and physical safeguarding of customer information.*

How does GLB differ from FERPA? Both the GLB Act and FERPA have specific requirements regarding privacy of customer financial information. The difference, however, is that the GLB Act has requirements pertaining to the actual administrative, technical and physical safeguarding of the customer financial information.

*Colleges and Universities Subject to New FTC Rules Safeguarding Customer Information. NACUBO Advisory Report 2003-01, January 13, 2003.

If you have questions about GLB, contact Philip Mein, Executive Director IT Security, at or 913-469-8500, ext. 4310.