Gramm-Leach-Bliley Act (GLBA) Compliance Program

MCW's Commitment

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions, including universities that offer financial aid, to protect the privacy and security of consumer financial information. The GLBA Safeguards Rule mandates the implementation of an Information Security Program to safeguard sensitive data.

This page outlines the Medical College of Wisconsin’s commitment to GLBA compliance and the measures we take to protect student and employee financial information.

The program applies to all Medical College of Wisconsin departments and personnel who handle:

  • Student financial aid records
  • Tuition payment and billing information

The GLBA Information Security Program is overseen by the Medical College of Wisconsin Chief Information Officer, who, consistent with the University Information Security Policy, may designate other qualified representatives of the Medical College of Wisconsin to oversee and coordinate particular elements of the GLBA Information Security Program.

Safeguards and Controls

To comply with GLBA, the Medical College of Wisconsin has implemented the following safeguards:

Risk Assessment

  • Regular assessments of internal and external risks to data security
  • Identification of vulnerabilities in systems and processes

Access Controls

  • Role-based access to sensitive data
  • Bi-annual review of account access

Encryption and Data Protection

  • Encryption of data for required reporting
  • Secure storage and disposal of physical and digital records

Employee Training

  • Annual cybersecurity awareness training
  • First-time FERPA training for new users

Vendor Management

  • Contracts with third-party service providers include data protection clauses
  • Periodic reviews of vendor compliance with GLBA standards

Incident Response

  • Documented procedures for responding to data breaches
  • Notification protocols for affected individuals and regulatory bodies

Reporting

  • Annual written report to the Medical College of Wisconsin Board of Trustees

Compliance Monitoring

  • Regular reviews of the Information Security Program and supporting policies
  • Penetration testing and vulnerability scans
  • Internal audits of data handling practices

Additional Resources