Gramm-Leach-Bliley Plan

Representatives of various operational units at Middle Tennessee State University convened to discuss the objectives of the Gramm-Leach-Bliley Act (GLB) and its application to activities, services, or programs which use information such as Social Security Numbers or other Student Identification Numbers that could allow unauthorized access to a student's or employee's financial information. It is certain in some departments and probable in others that information is maintained or shared internally and with third parties, creating the potential for unauthorized access, breach of confidentiality, or at least weaknesses which should be addressed.

Campus entities identified as those which may house or provide a gateway to financial information are:
  • Academic Affairs (Administrative and Faculty)
  • Student Affairs and Enrollment Management (Academic Support, Student Life, and Enrollment Management)
  • Auxiliary Services (Housing, Health Services, Bookstore, Post Office, Recreational Center, and Parking Services)
  • Development and University Relations (Alumni Relations, Advancement, Development Office, News & Public Affairs, Publications and Graphics, Photographic Services, and Printing Services)
  • Business and Finance (Business Office, Public Safety, Human Resources, and Administrative Services)
  • Information Technology Division (Network Services, Administrative Information Systems, Telecommunications, Academic & Instructional Technology Services, Communication Support Services, and Computer Operations)
  • President's Direct Reports (Vice Presidents, Athletics, Internal Audit, Equal Opportunity & Affirmative Action, and University Counsel)
  • Provost's Direct Reports (Deans and other administrative personnel)

Each of the identified units will be directed by the appropriate administrative authority to review and evaluate its current policies and procedures in regard to security of confidential information. Review and evaluation will include information stored and disposed of internally, both as hard copy and electronically. Third-party access or transmission will also be addressed by having the unit identify all third parties, which includes, but is not limited to, reviewing existing contracts for language regarding the security of data and routing new contracts through the Contracts Office for inclusion of appropriate security language. It will also be determined whether the electronic method of access or transmission is secure from unauthorized access.

During the course of daily University interaction, confidential information is often verbally communicated with students and other employees in a public venue. It is important that the risks of verbal transmission and open viewing of computer screens be reviewed and addressed appropriately. MTSU's employment of over 1600 faculty and staff makes it imperative that training programs be implemented as a safeguard. New staff, both administrative and academic, must receive training in regard to the sensitive information they will be expected to safeguard during the routine execution of their duties. Current staff, both administrative and academic, need refresher training on protection of information which is confidential. Once appropriate staff receive training, participation in ongoing training and education will be required. The training sessions will be developed and provided by staff members charged with the responsibility of overseeing such information. To be effective, it is imperative that the provost, deans, and other administrators mandate and strongly support attendance and participation in the training modules.

A thorough examination of the processes and procedures used to provide the expected level of service to over 22,000 students on a campus along with 1600 staff and faculty will, no doubt, identify possible breaches of security of financial information of students or employees. It is expected that the revealed weaknesses will be called to the attention of unit supervisors and measures will be taken to incorporate appropriate security. Also, there may be practices identified as at risk but for which a higher level of security cannot feasibly be installed due to budgetary or physical constraints. In such cases, it is expected that these weaknesses will be noted with the appropriate administrators for future budget or physical considerations.

The MTSU Gramm-Leach-Bliley Committee has designated Alan Thomas, Controller of the University, and Sherian Huddleston, Assistant Vice Provost for Enrollment Management, as coordinators of the Information Security Plan. This plan will be placed on the MTSU web site as a link under Information Technology. On an annual basis the coordinators will request a review of each specified department's processes and procedures in addition to the identification of other departments which should be included in the Plan. Changes in technology, physical relocation, and organizational changes are inevitable. Therefore, it is expected that each department will file a report with the GLB Committee on an annual basis upon the request of the designated coordinators. It is also expected that detailed GLB security plans for each department will be maintained within each department and available upon request.