This page can help you understand if the GLBA law applies to you. It is important to note that it does NOT apply if you simply take credit cards for payment.
Does your department provide financial services that place you under the security provisions of the federal Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act, which includes regulations to protect consumers’ personal financial information?
- Do you collect personal financial information pursuant to issuing credit, including credit cards? (Accepting credit does not apply.)
- Do you collect personal financial information pursuant to granting loans?
- Do you collect payments on which interest is paid? (Deferred payment plans that do not charge interest do not apply.)
- Do you broker investments or mortgages?
- Do you provide financial advice for a fee?
- Do you collect personal financial information pursuant to any other “financial product or service”? (Think about the services banks, brokerages and insurance companies provide.)
- Have you negotiated a contract with a financial service provider or do you plan to in the future?
Note: The Health System does not appear to be covered by GLBA at this time. However, from an operational standpoint, the issue is moot, because HIPAA standards are more comprehensive than GLBA’s; all the practices required by GLBA are also required by HIPAA.
For details on U.Va’s implementation plan for this law, please contact Shirley Payne.
Note: Click here for details on the Financial Services Modernization Act.