Safeguarding Non-public Private Information at Tulane University
Gramm-Leach-Bliley (GLB) Act Questionnaire


A new Federal Trade Commission rule related to the safeguarding of consumer financial information was recently enacted (Gramm-Leach-Bliley Act Financial Privacy, Safeguards, and Pretexting). This act requires that Tulane University formally address the privacy of financial and other non-public information by implementing policies and procedures by May 23rd, 2003 to address the administrative, technical and physical security of this information.

Examples of where this act may apply include:

  • Applications for employment or similar forms
  • Financial transactions (checks, credit card numbers, bank routing numbers)
  • Transaction information (receipts, invoices, bills or statements)
  • Information Tulane University receives from consumer reporting agencies
  • Information from governmental agencies including checks

Private non-public information includes:

  • Name
  • Social Security Number
  • Date and Location of Birth
  • Sex
  • Financial Status
  • Salary History
  • Personal Check Information
  • Credit Card Numbers
  • Drivers License Information

In order for Tulane University to comply with this Act, we must know where such data is stored. Due to the decentralized nature of our environment, we are requesting that each department complete a web-based survey to help us inventory Tulane University's financial information and other private non-public information. This survey is designed to help you identify areas where this act may apply in your area. Please take a moment to complete the survey. We need your responses no later than June 30, 2003.

More information about this ruling and Tulane University's plan for compliance can be found at www2.tulane.edu/privacy/. Additional FTC guidance and compliance information is at www.ftc.gov/privacy/glbact.

Survey Guidelines

Please complete the following questionnaire to the best of your knowledge. Since there is a wide range of business procedures at Tulane University, please use your own interpretation of the examples above to determine which aspects of your operations are relevant. List any additional information that you think might qualify as private non-public information. If you are not sure, please include it or contact Denise B. Alix, Office of General Counsel, at glb@tulane.edu or 865-5783.

NOTE: Technology Services maintains the security of the following centrally housed systems:

Listed below are the University (enterprise-wide) administrative systems:

  • Payroll and Human Resources
  • Budget Development System
  • Library System
  • Tulane Account Management Systems (TAMS), which includes:
    • General Ledger
    • Accounts Payable
    • Purchasing
    • Grants and Contracts
    • Endowment System
    • Fixed Assets
  • Student Information System (SIS), which includes:
    • Undergraduate Admissions
    • Student Records
    • Financial Aid Management
    • Accounts Receivable

Technology Services stores this data in a secure environment with numerous safeguards protecting the integrity of, and access to, the data. You do not need to report these systems in the survey if you only use these systems.

However, if you are maintaining paper or electronic copies of such data, then we need to know about this activity. We also need to know about any "shadow systems" you may maintain in spreadsheets, electronic documents, etc.

Information Related to Technology Services maintained systems - stored or housed locally

1. Which of the Technology Services maintained systems does your department use?



2. Do you transfer, copy or print any information from the Technology Services system to your office?

Yes
No

3. Describe, for each system, your local activity which uses Technology Services derived data (e.g., print Human Resource information and store it in a departmental filing cabinet with other personnel records).



4. Who controls access to your locally stored data from the Technology Services system?



5. Is there a local, written policy protecting the privacy of this data?

Yes
No

6. How long is the information retained?



7. How is it destroyed?



Information Related to Filling out Applications for Employment

1. Does your department collect employment application information?

Yes
No

2. For what purpose do you collect this information?



3. Exactly what information is collected? (Is SSN collected?)



4. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?



5. How is access to the information controlled?



6. Who has access to this information? List either job titles or specific individuals with access.



7. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



8. How long is this information retained?



9. How is it destroyed?



10. Is there a policy governing the use of the information?

Yes
No

11. Are there consequences or a procedure that governs violation of the policy?



12. Is there a procedure in place to monitor the security of the information?

Yes
No

Information Related to Completing Financial Transactions:

1. Does your department handle financial transactions?

Yes
No

2. For what purpose do you collect this information?



3. Do you collect or disburse funds by paper (checks) and/or electronically?

paper
electronic
both

4. Specifically, how are funds collected or disbursed?



5. Who is authorized to disburse funds (for example checks or deposits)?



6. Does your department handle credit card transactions?

Yes
No

7. What system or systems are used? Please describe.



8. Where are the receipts stored?



9. Who has access to the receipts?



10. Does your department handle personal checks from customers?

Yes
No

11. What system or systems are used? Please describe.



12. Does your department copy these checks?

Yes
No

13. Where are the copies stored?



14. Who has access to the copies?



15. Does your department use any financial system that uses a dial-up modem interface?

Yes
No

16. What system or systems are used? Please describe.



17. Exactly what information is collected?



18. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?



19. How is access to the information controlled?



20. Who has access to this information? List either job titles or specific individuals with access.



21. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



22. How long is this information retained?



23. How is it destroyed?



24. Is there a policy governing the use of the information?

Yes
No

25. Are there consequences or a procedure that governs violation of the policy?

Yes
No

26. Is there a procedure in place to monitor the security of the information?

Yes
No

Information from Consumer Reporting Agencies:

1. Does your department collect and store non-public private information from any outside agency, such as credit bureaus, college recruiting services, financial reporting agencies or any other consumer-reporting agency?

Yes
No

2. Exactly what information is collected?



3. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?


4. How is access to the information controlled?



5. Who has access to this information? List either job titles or specific individuals with access.



6. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



7. How long is this information retained?



8. How is it destroyed?



9. Is there a policy governing the use of the information?

Yes
No

10. Are there consequences or a procedure that governs violation of the policy?

Yes
No

11. Is there a procedure in place to monitor the security of the information?

Yes
No

Information from Governmental Agencies:

1. Does your department collect and store non-public private information from any government agency, such as citations, convictions, arrest information, veterans' information with financial information, or EEO information?

Yes
No

2. Exactly what information is collected?



3. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?



4. How is access to the information controlled?



5. Who has access to this information? List either job titles or specific individuals with access.



6. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



7. How long is this information retained?



8. How is it destroyed?



9. Is there a policy governing the use of the information?

Yes
No

10. Are there consequences or a procedure that governs violation of the policy?

Yes
No

11. Is there a procedure in place to monitor the security of the information?

Yes
No

Information Passed between Tulane University and 3rd Party Vendors:

1. Does your department share non-public private information with any outside vendor, such as a billing agency, mail house, collection agency, recruiting firm or web services provider?

Yes
No

2. Exactly what information is collected?



3. Where is it stored (local computer disk, paper copy in filing cabinet, paper copy in locked filing cabinet)?



4. How is access to the information controlled?



5. Who has access to this information? List either job titles or specific individuals with access.



6. Who authorizes access to this information? List either job title(s) or the name(s) of authorizing person(s).



7. How long is this information retained?



8. How is it destroyed?



9. Is there a policy governing the use of the information?

Yes
No

10. Are there consequences or a procedure that governs violation of the policy?

Yes
No

11. Is there a procedure in place to monitor the security of the information?

Yes
No

Thank you,

Form submitted by:

Department:

E-mail Address:

Phone #: