Appendix E: Does Gramm-Leach-Bliley Apply to Our Department?

This page can help you understand if the GLBA law applies to you. It is important to note that it does NOT apply if you simply take credit cards for payment.

Does your department provide financial services that place you under the security provisions of the federal Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act, which includes regulations to protect consumers’ personal financial information?

  • Do you collect personal financial information pursuant to issuing credit, including credit cards? (Accepting credit does not apply.)
  • Do you collect personal financial information pursuant to granting loans?
  • Do you collect payments on which interest is paid? (Deferred payment plans that do not charge interest do not apply.)
  • Do you broker investments or mortgages?
  • Do you provide financial advice for a fee?
  • Do you collect personal financial information pursuant to any other “financial product or service”? (Think about the services banks, brokerages and insurance companies provide.)
  • Have you negotiated a contract with a financial service provider or do you plan to in the future?

Note: The Health System does not appear to be covered by GLBA at this time. However, from an operational standpoint, the issue is moot, because HIPAA standards are more comprehensive than GLBA’s; all the practices required by GLBA are also required by HIPAA.

For details on U.Va’s implementation plan for this law, please contact Shirley Payne.

Note: Click here for details on the Financial Services Modernization Act.

© 2009 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.