Re: FTC Regulations - Notification Question

[Ken Shaurette <Ken.Shaurette () OMNITECHCORP COM>]

I would say no from what I understand.  GLBA only applies to true
Financial Institutions, Bank, Credit Union, S&L, Insurance Company.
Unless you are running a Student Credit Union a college would not fit
the definition of an organization that needs to comply with the privacy
notice requirement.  

That does not mean from a "due diligence" perspective that you don't
need to keep your students informed and provide "opt in" or "opt out"
for the sharing of their information with other entities, or provide the
option of knowing who the information is shared with.

Ken 
CISSP, CISA, CISM, IAM
Information Security Solutions Manager
Omni Tech Corporation, www.omnitechcorp.com
(262) 523-3300 x486



-----Original Message-----
From: Walsh, Brian R. (Information Services) [mailto:brwal () CONNCOLL EDU]

Sent: Wednesday, April 16, 2003 2:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FTC Regulations - Notification Question


I've read through the documents from Educause, NACUBO, and some of the
FTC documents regarding the GLB Act but I'm still not clear on the
notification part of it. The rules call for written financial privacy
notices to be given to "customers" when the relationship is established
and again annually. Does this apply to colleges and universities? What
does everyone think?

Brian

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.