The Gramm-Leach-Bliley Act (GLBA) is a federal law passed in 1999 to regulate the activities of institutions engaging in financial activities. The GLBA establishes both consumer privacy rights as well as required security measures on the collection, storage, and use of consumer information.
The GLBA was updated in 2020 to include specific required security controls. The GLBA addresses the safeguarding and confidentiality of customer information held by financial institutions. The definition of “financial institution” used by the GLBA is broad and includes colleges and universities. Due to specific units at Penn State collecting non-public personal information (NPI), the university must comply with the GLBA. Visit the FTC's site for additional information.