About Information Security

Compliance with the GLBA/FTC Safeguards Rule

The Gramm-Leach-Bliley Act (GLBA) requires "financial institutions" as defined by the Federal Trade Commission (FTC), to protect and secure constituent information such as names, social security numbers, addresses, account and credit card information. The GLBA sets forth extensive privacy rules which the University is deemed to be in compliance with because of its adherence to the provisions of the Family Education Rights and Privacy Act (FERPA). The GLBA also establishes a Safeguards Rule, from which the University is not exempt, that requires the University to protect and safeguard constituent information.

The Safeguards Rule requires financial institutions to secure constituent information. It requires the University, as a financial institution, to develop a written information security plan that describes its program to protect constituent information.

Information Security Advisory Committee

The Information Security Advisory Committee (ISAC) is a cross campus team representing the major work centers, business activities, information technology staff, and students. The team should be charged with the coordination of the following types of activities:

• Recommendation of practices, policies, and procedures for ensuring the security, privacy, and confidentiality of constituent records, and other sensitive information to ensure the University is in compliance with applicable government policies such as the Family Educational Rights and Privacy Act (FERPA) and the Gramm-Leach-Bliley Act (GLBA) and others.

Legal Issues

When you believe that you have been the victim of a computer crime or abuse:

1. DO NOT attempt to retaliate or address the problem yourself. Responding to email or contacting the abuser may aggravate the problem for you, your computer or ASU. Some of your actions may place you or ASU at greater legal risk. Most forms of retaliation are illegal and can compromise ASU's attempts to pursue the issue.
2. Contact the Information Technology Services Help Desk at (706) 737-1482 and the ASU Public Safety Office at (706) 737-1401. Information Technology Services will address the technical issues regarding the abuse. b) The campus Public Safety office is well versed in handling computer crimes and can provide advice and guidance to insure that the incident is appropriately documented and investigated in case legal action becomes necessary.
3. Do not ignore computer crime or abuse. Historically, people who engage in computer crime or abuse do not stop until some action is taken to identify and expose them.

For more information refer to the ASU Computer and Network Policy or search the Georgia Code . Using keywords such as "computer crime" or "computer" yield good results. However, it is still best to consult with the ASU Public Safety Office in regard to the legal issues of computer crime or abuse. There may also be additional or complimentary federal laws which are applicable.