Regulated primarily by the Federal Trade Comission (FTC), and in some cases by the Securities and Exchange Commission (SEC), the Gramm-Leach-Bliley Act (GLBA) is a comprehensive federal law that requires that covered financial institutions develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity and confidentiality of customers’ financial information.

 

Businesses that are normally “covered” by (need to comply with) the GLBA are entities that regularly provide financial products (brokerage, credit or loans) or financial services (making, acquiring, brokering, collecting, or servicing loans) to consumers, such as:
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The three principal parts of the GLBA are:

 

Financial Privacy Rule that requires privacy notices and “opt-out” features;

 

Safeguards Rule that requires administrative policies and procedures; information technology system security, encryption, controls and protections; and physical safeguards and procedures to report and mitigate actual or suspected breaches.

 

Pretexting Protection to prevent unauthorized people from acquiring personal financial information through fraud or deception.

 

Those businesses that do need to comply should keep in mind that—

 

   > Compliance is not an IT-only project
   > You need to get your security policies in order
   > Potential risks need to be continually identified
   > Both non-public and public information must be protected
   > Annual privacy policy information should include more than a web page
   > You need to manage your third party providers (vendor management)
   > Data should be encrypted in storage and in transit
   > Data you don't need should be destroyed

 

Engage Inquesta Compliance Consulting to review and update an existing GLBA program to assure compliance, or institute a new turn-key program for your organization that includes all the policies, procedures, controls and personnel training required. What's more, many businesses that need to comply with the GLBA may also need to comply with the FACTA Red Flags Rule. Because these two regulations have many similarities and overlaps, Inquesta can assure that both programs are instituted in a coordinated and cost-effective manner.