The Gramm-Leach-Bliley Act requires financial institutions—which includes colleges and universities—to protect the privacy of their customers, including customers' nonpublic, personal information. Because universities are governed by the GLBA, Western Michigan University has a responsibility to secure the personal records of its students and employees. To ensure this protection, the GLBA mandates all institutions establish appropriate administrative, technical and physical safeguards.

By customer information, the Gramm-Leach-Bliley Act means information typically gathered in connection with obtaining a financial product or service; this includes but is not limited to include names, addresses, phone numbers, bank and credit card account numbers, income and credit histories and Social Security numbers.

In an effort to set safeguarding standards the GLBA directs that all financial institutions implement an Information Security Program and designate a program coordinator.

The Information Security Program must include five main elements:

  1. Designation of an employee or employees as coordinator of the information security program.
  2. Identification of internal and external risks to the security and confidentiality of customer information and evaluation of current safeguards.
  3. Employee training.
  4. Oversight of service providers.
  5. Evaluation of the information security program.