I was wondering how other non-profits comply with the Gramm-Leach- Bliley Act of 2000. Please email me at [Email Removed]. Thank you, Becky Sommer St. Chalres

I don't really see how it applies to non-profits. According to http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm  it only applies to "Financial Institutions" that are "significantly engaged" in financial activities. 1) We're a healthcare organization, not a financial organization. 2) Taking donations from people doesn't strike me as a "financial service or product". About the closest thing to a financial service or product would be various Annuity Trusts. 3) Even so, these "services" amount to an insignificant part of the organization's activities. This organization is significantly engaged in providing healthcare and in healthcare research, not in providing financial services. Why do you believe that non-profits are required to comply with the Gramm-Leach-Bliley Act? Drew J. Drew Allen Children's Hospital of Philadelphia [Email Removed]

I know that higher ed institutions fall under the Gramm-Leach Bliley Act, so I would think that any non-profit that obtains confidential financial info will also be affected by the Act. The areas of the institution that are affected are those that obtain or have on record anything considered financial info - which includes but is not limited to: social security numbers, tax returns, loan applications, banking information and credit card information. Our college had an ad hoc committee that was charged with making sure the institution met the GLB's requirements. We decided that the following was sufficient for our Advancement Office: 1) Our policy for release of records information - which covers info released to vendors, alum, etc., and, 2) Our policy for safeguarding credit card info and authorization forms containing that info. The requirements of this Act include risk assessment and the physical safeguarding of "customer" financial info. So, a policy regarding the release of info will only cover part of the requirements. If you have a policy in place for safeguarding social security numbers, credit card info, or anything else that is considered financial info, you should be OK. The NACUBO Advisory Report 2003-01 dated Jan. 13, 2003, gives an excellent explanation of why colleges and universities are subject to the new FTC rules regarding safeguarding customer information, what the standards are and the steps that are required to be in compliance. You might also want to look at http://www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.htm . Catherine Catherine Seebald Director of Advancement Services Houghton College One Willard Ave. Houghton, NY 14744 585-567-9395 [Email Removed]