E-Business Security Review
The E-Business Resource Group (ERG) considers safeguarding customer information
a critical component of all e-business initiatives. E-business systems
inherently possess a higher degree of risk than mainstream applications,
and thus require a greater degree of security. Because of this risk, security
should be considered a fundamental aspect of e-business system design.
The Federal Government has also recognized the inherent risks associated with conducting financial transactions over the internet. The Gramm-Leach-Bliley Act (GLB) was recently passed to protect customer information obtained and/or maintained as a result of a financial transaction. The customer information you request as a University merchant location is protected under the GLB Act.

To assist merchant locations in implementing a secure e-business solution, the ERG has established a security review and drafted a comprehensive list of e-business security guidelines. These guidelines are meant to supplement common security practices, as well as existing University policies and procedures related to computer usage and information security. These guidelines are also intended to promote compliance with relevant regulatory laws, including the GLB Act. All of these guidelines should be followed when evaluating an e-business solution.

In addition to the ERG security review, the University has established a formal plan to comply with requirements outlined in the GLB Act. Robert F. Pack, Vice Provost and University Customer Information Security Officer, has published a memo containing the University’s Customer Information Security Plan. The plan outlines a number of actions that should be taken by each merchant location to ensure compliance. Please review the plan carefully and take the necessary actions outlined. Forward all correspondence and documentation to Robert F. Pack, Vice Provost and University Customer Information Security Officer. All proposals must comply with the requirements outlined in the University’s Customer Information Security Plan.

Please note that while the ERG will assist departments with assessing their project’s security and make recommendations, each department is ultimately responsible for ensuring the security of its e-business system.