Gramm-Leach-Bliley Act (GLBA) Compliance

About GLBA

The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to reform the financial services industry and address concerns relating to consumer financial privacy. The Act requires financial institutions – companies and organizations that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

Academic institutions like the University of Michigan are considered financial institutions and must adhere to the GLBA Financial Privacy and Safeguards Rules when handling student financial records.

When GLBA Applies at U-M

It is important that university units, departments, and administrators understand when GLBA applies to the service they provide. Examples of services or activities that the university may offer which result in the creation of student financial information include:

  • Student (or other) loans, including the processes of receiving application information, making, or servicing loans.
  • Credit counseling services.
  • Collection of delinquent loans and accounts.
  • Check cashing services.
  • Real estate settlement services.
  • Issuing credit cards or long term payment plans involving interest charges.
  • Obtaining information from a consumer report.

If you believe GLBA applies to your service, contact your campus GLBA contact listed below.

U-M GLBA Compliance Program

The University of Michigan is committed to protecting the confidentiality, integrity, and availability of its information assets - data, systems, services, and infrastructure components. The university’s robust information security program, governed by U-M’s policy on Information Security (SPG 601.27) and underlying IT standards, supports compliance with GLBA by addressing requirements around:

  • Program oversight.
  • Customer information risk assessment.
  • Safeguards.
  • Continuous monitoring.
  • Staff training.
  • Service provider oversight.
  • Security risk assessment.
  • Incident response plan.
  • Annual reporting..

More details can be found in the U-M Financial Services Information Security Plan (U-M Login required).

Who to Contact with Questions

Individuals who have questions regarding the security of customer financial information that is handled or maintained by or on behalf of the University of Michigan or its affiliates should contact:

University of Michigan – Ann Arbor
Bryan Howard
Student Business Services Director
Financial Operations, Student Business Operations
6000 Wolverine Tower
Ann Arbor, MI 48109-1287
[email protected]

Michigan Medicine
Carmen Colby
Director, Financial Aid
Medical School Administration
5100 THSL, 1135 Catherine St.
Ann Arbor, MI 48109-5726
[email protected]

University of Michigan – Dearborn
Dawn Roult
Assistant Controller
Financial Services
1141 AB
Dearborn, MI 48126-1491
[email protected]

University of Michigan – Flint
Dalana Riley
Assistant Division Controller of Financial Services & Budget
Financial Services & Budget
213 University Center
Flint, MI 48502
[email protected]

Actual or suspected security incidents involving university customer information should be reported immediately in accordance with university policy on Information Security Incident Reporting (SPG 601.25).