Category: Information Technology
Responsible Office: Information Security Office
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Date Established: July 3, 2024
The University at Buffalo is dedicated to safeguarding university data in compliance with the Federal Trade Commission’s 2021 amendment to the Gramm-Leach-Bliley Act (GLBA) mandating the protection of student financial aid information by postsecondary institutions. The guidance applies to all UB offices handling nonpublic financial information about students or other third parties in any form.
The University at Buffalo (UB, university) is committed to protecting Category 1 and Category 2 university data and to complying with the requirements of the Federal Trade Commission's safeguard rules requiring universities to implement provisions of the Gramm-Leach-Bliley Act (GLBA). This guidance corresponds with the University at Buffalo Information Security Program, 2024 Qualified Individual Appointment Memorandum, and the Information Security Incident Response Plan.
In 2021, The Federal Trade Commission (FTC) issued amendments to the Gramm-Leach-Bliley Act Standards for Safeguarding Customer Information (Safeguards Rule), requiring all postsecondary institutions and third-party servicers to protect student financial aid information provided to them by the Department of Education or otherwise obtained in support of the administration of the Federal student financial aid programs (Title IV programs) authorized under Title IV of the Higher Education Act of 1965 (HEA).
This guidance applies to all offices which collect, access, maintain, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle any record containing nonpublic financial information about a student or other third party who has a relationship with the University at Buffalo, whether in paper, electronic or other form, which is handled or maintained by or on behalf of the university or its affiliates.
Qualified Individual is responsible for:
Office of the Vice President and Chief Information Officer
Phone: 716-645-7979
Email: vpcio@buffalo.edu
Information Security Office
Phone: 716-645-6997
Email: sec-office@buffalo.edu
Information Security Office - Privacy Contact
Phone: 716-645-5997
Email: privacy@buffalo.edu
Computing and Network Use Policy
Data Risk Classification Policy
Disaster Recovery Plan
Information Security Incident Response Plan
Protection of University Data Policy
UB Emergency Management’s Comprehensive Emergency Management Plan (CEMP)
University at Buffalo Information Security Program