Oversight of Service Providers and Contracts

GLBA requires the University to take reasonable steps to select and retain service providers who maintain appropriate safeguards for covered data and information.

Going forward, all contracts should be reviewed to ensure that the following language is included:

Service Provider agrees to implement and maintain a written comprehensive information security program containing administrative, technical and physical safeguards for the security and protection of Customer Information and further containing each of the elements set forth in § 314.4 of the Gramm-Leach-Bliley Standards for Safeguarding Customer Information and the Red Flag Rules issued by the Federal Trade Commission.

For assistance, review a copy of a sample Addendum.

Last revised: February 2019