Federal Privacy Act Impacts NMU

Northern stopped using social security numbers last year and implemented a system of identification numbers to protect students’ personal information. But a federal act requires that more measures be taken to ensure privacy.

For example, Dave Maki (AdIT) said academic departments and campus offices should not store personal information on current or former students on departmental servers, personal computers, or even in hard-copy form unless they are in compliance with all policies and safeguarded to protect the data.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bililey (GLB) Act, ensures the protection of consumers’ personal financial information held by financial institutions. NMU and other universities fall under this act because they lend funds to consumers through financial aid.

“There are two main parts of the GLB Act that affect Northern: the Privacy Rule and the Safeguards Rule,” said Maki. “Since NMU is compliant with the Family Education Rights and Privacy Act, it is therefore compliant with the GLB Privacy Rule. The Safeguards Rule requires administrative, technical and physical safeguarding of customer information; NMU has policies and procedures in place to safeguard personal information. We have also stopped using social security numbers, and we are working to ensure that we are compliant with the new Visa/Mastercard regulations concerning the security of credit card information.”

Compliance with the GLB Act must be university-wide, and Maki said NMU is monitoring its progress. Besides social security numbers and credit card information, students’ names, addresses, phone numbers, birth dates, driver’s license numbers and mother’s maiden names also qualify as personal information that needs to be protected.