A new Federal Trade Commission rule related to the safeguarding of consumer financial information was recently enacted (Gramm-Leach-Bliley Act Financial Privacy, Safeguards, and Pretexting). This act requires that Belmont University formally address the privacy of financial and other non-public information by implementing policies and procedures to address the administrative, technical and physical security of this information.

Examples of where this act may apply include:

  • Applications for employment or similar forms
  • Financial transactions (checks, credit card numbers, bank routing numbers)
  • Transaction information (receipts, invoices, bills or statements)
  • Information Belmont University receives from consumer reporting agencies
  • Information from governmental agencies including checks

Private non-public information includes:

  • Name
  • Social Security Number
  • Date and Location of Birth
  • Sex
  • Financial Status
  • Salary History
  • Personal Check Information
  • Credit Card Numbers
  • Driver's License Information

In order for Belmont University to comply with this Act, we must know where such data is stored. Due to the decentralized nature of our environment, we are requesting that each department complete a web-based survey to help us inventory Belmont University's financial information and other private non-public information. This survey is designed to help you identify areas where this act may apply in your area. Please take a moment to complete the survey. 


More information about this ruling and Belmont University's plan for compliance can be found at www.belmont.edu/its/policies/informationsecurity. Additional FTC guidance and compliance information is at http://www.ftc.gov/privacy/privacyinitiatives/glbact.html.

Survey Guidelines

Please complete the following questionnaire to the best of your knowledge. Since there is a wide range of business procedures at Belmont University, please use your own interpretation of the examples above to determine which aspects of your operations are relevant. List any additional information that you think might qualify as private non-public information. If you are not sure, please include it or contact Randall Reynolds, Information Security Plan Coordinator.

NOTE: Information Technology Services maintains the security of the following centrally housed systems:

Listed below are the University (enterprise-wide) administrative systems:

  • Payroll and Human Resources
  • Budget Development System
  • Library System
  • Banner Financials, which includes:
    • General Ledger
    • Accounts Payable
    • Purchasing
    • Fixed Assets
  • Banner Student Information System (SIS), which includes:
    • Undergraduate Admissions
    • Student Records
    • Financial Aid Management
    • Accounts Receivable
  • Banner Imaging (Xtender Solutions)
  • Adirondack
  • Business Objects
  • DARS
  • People Admin
  • TouchNet

Information Technology Services stores this data in a secure environment with numerous safeguards protecting the integrity of and access to the data. You do not need to report these systems in the survey if you only use these systems.

However, if you are maintaining paper or electronic copies of such data, then we need to know about this activity. We also need to know about any shadow systems you may maintain in spreadsheets, electronic documents, or in paper notebooks, etc.

===========================================================================

Information Related to ITS maintained systems or housed locally

1. Which of the ITS maintained systems does your department use (Banner, Adirondack, Imaging, DARS, etc.)?



2. Do you transfer, copy or print any information from the ITS systems to your office?

Yes
No

3. Describe, for each system, your local activity which uses ITS Services derived data (e.g., print Human Resource information and store in departmental filing cabinet with other personnel records).



4. Who in your department or school controls access to your locally stored data from ITS systems?



5. Is there a local, written policy protecting the privacy of this data stored locally?

Yes
No

6. How long is the information retained in your department?



7. How is it destroyed?



Information Related to Filling out Applications for Employment

1. Does your department collect employment application information?

Yes
No

2. For what purpose do you collect this information?



3. Exactly what information is collected? (Is SSN collected?)



4. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?



5. How is access to the information controlled in your area?



6. Who has access to this information? List either job titles or specific individuals with access.



7. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



8. How long is this information retained?



9. How is it destroyed?



10. Is there a policy governing the use of the information?

Yes
No

11. Are there consequences or a procedure that governs violation of the policy?



12. Is there a procedure in place to monitor the security of the information?

Yes
No

Information Related to Completing Financial Transactions:

1. Does your department handle financial transactions?

Yes
No

2. For what purpose do you collect this information?



3. Do you collect or disburse funds by paper (checks) and/or electronically outside of the finance office?

paper
electronic
both

4. Specifically, how are funds collected or disbursed?



5. Who is authorized to disburse funds (for example checks or deposits)?



6. Does your department handle credit card transactions?

Yes
No

7. What system or systems are used? Please describe.



8. Where are the credit card receipts stored?



9. Who has access to the receipts?



10. Does your department handle personal checks from customers?

Yes
No

11. What system or systems are used? Please describe.



12. Does your department copy these checks?

Yes
No

13. Where are the copies stored?



14. Who has access to the copies?



15. Does your department use any financial system that uses a web-based or dial-up modem interface?

Yes
No

16. What system or systems are used? Please describe.



17. Exactly what information is collected?



18. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?



19. How is access to the information controlled?



20. Who has access to this information? List either job titles or specific individuals with access.



21. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



22. How long is this information retained?



23. How is it destroyed?



24. Is there a policy governing the use of the information?

Yes
No

25. Are there consequences or a procedure that governs violation of the policy?

Yes
No

26. Is there a procedure in place to monitor the security of the information?

Yes
No

Information from Consumer Reporting Agencies:

1. Does your department collect and store non-public private information from any outside agency, such as credit bureaus, college recruiting services, financial reporting agencies or any other consumer-reporting agency?

Yes
No

2. Exactly what information is collected?



3. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?


4. How is access to the information controlled?



5. Who has access to this information? List either job titles or specific individuals with access.



6. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



7. How long is this information retained?



8. How is it destroyed?



9. Is there a policy governing the use of the information?

Yes
No

10. Are there consequences or a procedure that governs violation of the policy?

Yes
No

11. Is there a procedure in place to monitor the security of the information?

Yes
No

Information from Governmental Agencies:

1. Does your department collect and store non-public private information from any government agency, such as citations, convictions, arrest information, veterans' information with financial information, or EEO information?

Yes
No

2. Exactly what information is collected?



3. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?



4. How is access to the information controlled?



5. Who has access to this information? List either job titles or specific individuals with access.



6. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



7. How long is this information retained?



8. How is it destroyed?



9. Is there a policy governing the use of the information?

Yes
No

10. Are there consequences or a procedure that governs violation of the policy?

Yes
No

11. Is there a procedure in place to monitor the security of the information?

Yes
No

Information Passed between Belmont University and 3rd Party Vendors:

1. Does your department share non-public private information with any outside vendor, such as billing agency, mail house, collection agency, recruiting firm or web services provider?

Yes
No

2. Exactly what information is collected?



3. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?



4. How is access to the information controlled?



5. Who has access to this information? List either job titles or specific individuals with access.



6. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



7. How long is this information retained?



8. How is it destroyed?



9. Is there a policy governing the use of the information?

Yes
No

10. Are there consequences or a procedure that governs violation of the policy?

Yes
No

11. Is there a procedure in place to monitor the security of the information?

Yes
No

Thank you,

Form submitted by:

Department:

E-mail Address:

Phone #:

If you need assistance with the survey, please contact Randall Reynolds, Coordinator for Information Security, at (615) 460-5471 or by email at reynoldsr@mail.belmont.edu