Skip to main content

Financial Information - Gramm-Leach Bliley Program

The Fair and Accurate Credit Transactions Act of 2003 amended the Fair Credit Reporting Act, and required the Federal Trade Commission (FTC), together with other regulatory agencies, to issue and enact regulations requiring financial institutions and creditors to develop and implement written identity theft prevention programs. These regulations apply to the University because it is a “creditor”, which is defined as any person who defers payment for services rendered.  Instances of such activity would be permitting medical patients to pay for services over time, permitting students to pay tuition throughout the semester rather than requiring payment in full at the beginning of the semester, and participating in the Federal Family Education Loan (FFEL) and Perkins student loan programs.

The University has developed and implemented an “Identity Theft Prevention Program” (ITPP) for the identification, detection, prevention and mitigation of theft of personally identifiable financial information in covered accounts, which are defined as those accounts where multiple payments or transactions are permitted.

The University of Missouri’s ITPP was approved by the Board of Curators on February 6, 2009.

Navigation Menu

Resources, Policies and Related Links

ITPP program:

ITPP Training: 

UM Policy 11010 - Protection of Personally Identifiable Information

Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transaction Act of 2003 (16 CFR . § 681.2). On November 9, 2007, the Federal Trade Commission (“FTC”), the federal bank regulatory agencies, and the National Credit Union Administration, published a joint notice of final  rulemaking in the Federal Register finalizing the Identity Theft Red Flags regulations and guidelines.

Other Links:


Things to Remember

All employees are responsible for protecting the personal information that the University of Missouri gathers and uses - it only takes a few details about an individual for a criminal to steal an identity: information that the University faculty and staff compile, store and access regularly.

Whenever you gather information (especially sensitive or private information), make sure you understand and clearly note the purpose(s) for which that information is being gathered. That way, you can ensure the information is used appropriately in the future.

As a general rule, you should only be accessing information or records when you have a legitimate need to know or access that information - for instance, only accessing student records when there is a legitimate educational purpose, and only accessing business records when there is a legitimate business purpose.

Privacy regulations may apply to sensitive information that is stored or transmitted on any type of media - electronic, paper, microfiche, and even verbal communication.



ITPP Committee Contacts: 

For legal assistance, please contact the Office of the General Counsel at

Reviewed 2022-06-14