The Gramm Leach Bliley Act (GLBA) applies to units that receive certain personal information from individuals for certain activities. Traditionally, these transactions include things like loans, payment plans, and deposit accounts. However, there are many other types of activity that could subject a group to these standards. Determining whether a unit is covered will require collaboration between unit leadership, financial officers, and OIS. Any data subject to GLBA is considered High Risk Data (Level 3) in the Penn State Information Classification framework. Any questions about whether your unit is covered or how to comply with GLBA should be directed to firstname.lastname@example.org.