Skip to content. | Skip to navigation

Personal tools
You are here: Home Bursar's Office Student Information Campus-Based Loans Privacy Statement

Privacy Statement

by ltfehl01 last modified Dec 19, 2008 05:19 PM

University of Louisville Non-Public Personal Information Policy

Gramm-Leach-Bliley Act (GLBA)

Effective May 23, 2003


On November 12, 1999, the Gramm-Leach-Bliley Act (GLBA) was passed into law. The Federal Trade Commission requires financial institutions to ensure the security and confidentiality of non-public personal information (NPI) as of May 23, 2003. For purposes of administering the act, colleges and universities must ensure that NPI is secure, confidential, and protected from unauthorized access and threats. The following safeguarding policies and practices are administered at the University of Louisville (UofL).

1. UofL has established the Bursar,s Office as the administrative office responsible for ensuring that compliance to GLBA is followed by students, faculty, administrative, and entities affiliated with the University.

2. UofL discloses information only as necessary to perform specific functions and responsibilities required to meet its academic and business mission. NPI will not be provided to individuals or organizations where such information is not required to achieve its contracted objective.

3. UofL contracts with service providers who are capable of maintaining and safeguarding customer information as required by GLBA.

4. UofL utilizes appropriate safeguards to protect Personal and NPI such as but not limited to: network firewall, data encryption, user, password, and pin number protection, data back-up and redundancy to prevent the unauthorized use/theft, or compromising of customer non-public personal information.

5. Faculty, administrators, and staff with access to NPI are trained in policies and procedures to maintain strict confidentiality of customer NPI. Questions regarding appropriate disclosure of NPI will be directed to Carol Babb in the Bursar's Office.

6. UofL publishes a clear and conspicuous NPI safeguard policy electronically and policy is available for public review.

7. UofL administers an information risk assessment program to evaluate the current effectiveness of NPI safeguarding controls and procedures. Examples of areas that have significant non-public personal information are: Human Resources, Information Technology, Admissions, Registrar, Bursar’s Office, Controller’s Office, Financial Aid, Metropolitan College, Public Safety, Student Services, and University Relations.

GLBA Appendix. Securing Information

Employee Management and Training Procedures


Shall include:

Check references prior to hiring employees who will have access to customer information. 

Require employees to sign an agreement to follow UofL’s confidentiality and security standards for handling customer information.

Employees are trained to take basic steps to maintain security, confidentiality, and integrity of customer information, such as:

__locking rooms and cabinets containing paper records

__properly shred documents with sensitive information

__using password activated screen savers

__using strong passwords

__routinely require password prompted changes

__encryption of sensitive customer information when it is transmitted electronically over networks or stored online

__referring calls or other request for customer information to designated individuals who have had safeguards training, and recognizing fraudulent attempts to obtain customer information and reporting to appropriate law enforcement agencies

__limits access to customer information to employees who have a business reason for seeing it.

__consumers are cautioned against transmission of sensitive data via email

__advise customers to utilize password protection in transmitting sensitive information.

 

Information Systems

Security is maintained throughout the life cycle of customer information from data entry to data disposal as follows:

__Electronic information is stored in secure locked computer centers, protected against destruction and damage form potential physical hazards.

__Electronic customer information is maintained on a physically secure dedicated server accessible by password.

__Sensitive information is not stored on a machine with a non secure internet connection.

__Data is secured on back-up media and archived for disaster recovery.

__E-Commerce and other credit card data is collected utilizing servers that employ top level SSL encryption software.

__Customer information is disposed of in a secure manner; outdated information residing on hardware no longer in use is completely destroyed.

Managing System Failures

The following procedures are endorsed to prevent, detect, and respond to attacks, intrusions or other system failures.

__IT maintains a written contingency plan to address any breaches of physical, administrative or technical safeguards.

__Routinely applies vendor’s software patches that resolve vulnerabilities, and maintain automatic anti-virus software updates.

__IT maintains up-to-date firewalls and provides central management of security tools for IT employees.

__Routinely backs-up all non-personal customer information.

__Notifies customers promptly if their non-public personal information is subject to loss damage or unauthorized access.

Document Actions
CONTACT INFORMATION

Bursar's Office
Houchens Building
Suite 101
Monday - Friday
9:00 am - 5:00 pm
Email the Bursar
Phone: 502-852-6503
Fax: 502-852-7032

Student Billing
Phone: 502-852-6503

Not Enrolled, Past Due Balance
Phone: 502-852-6843

Perkins/Campus-BasedLoans
Phone: 502-852-2687

University Departmental Information

Questions about Student Billing

Email the Bursar

502-852-6503

Campus Locations

Budget & Financial Planning
Phone: 502-852-6166

Grawemeyer Hall
Room 20
Louisville, Ky. 40292

Bursar's Office
Phone: 502-852-6503

Houchens Building
Room 101
Louisville, Ky. 40292

Controller's Office
Phone: 502-852-7072

Service Complex
2nd Floor
Louisville, Ky. 40292

Payroll Office
Phone: (502) 852-2978

Personnel Services Building
1980 Arthur Street
Louisville, Ky. 40208-1707

Position Management
Phone: (502) 852-2978

Personnel Services Building
1980 Arthur Street
Louisville, Ky. 40208-1707

Vice President for Finance
Phone: 502-852-6166

Grawemeyer Hall
Room 20
Louisville, Ky. 40292

 
Personal tools