Learn More About the Basics of the GLBA
The Gramm-Leach-Bliley Act (GLBA or the Act), which is also known as the Financial Services Modernization Act of 1999, repealed part of the Glass-Steagall Act of 1933 and serves to ensure that companies that offer financial products, such as loans and mortgages, protect their customers’ personal data.
The Act requires financial institutions to submit and explain their information-sharing practices to their customers. It also requires financial institutions and financial product providers to protect sensitive data by developing a written security plan under the Safeguards Rule.
What Information Do Financial Institutions Need to Protect?
Businesses that collect sensitive financial data from customers fall under the heading of “financial institutions,” according to the Federal Trade Commission (FTC). Under the Safeguards Rule, the FTC goes on to note that sensitive customer information includes:
- Telephone Number
- Bank and Credit Card Numbers
- Credit Histories and Reports
- Social Security Number
It is critical that financial institutions protect this data to prevent unauthorized use, distribution, or any other illegal access to this non-public customer information. Customers not only value their privacy, but they are entitled to it when submitting confidential data to a financial institution.
Section 501(b) of the GLBA lays out the responsibilities of financial institutions, relating to administrative, technical, and physical safeguards:
- The financial institution ensures the security and confidentiality of the customer’s records and information.
- The financial institution protects against any threats to the security or integrity of the customer’s records.
- The financial institution uses all possible safeguards to prevent unauthorized access to the customer’s private information.
What Types of Businesses Fall Under the Heading of “Financial Institutions” and Benefit from the GLBA?
Many businesses may not consider themselves financial institutions in the traditional sense, but they may want to reconsider their position when it comes to the Safeguards Rule. What many business owners may not fully understand is that any business that is “significantly engaged” in distributing financial services or products is responsible for adhering to the Safeguards Rule. Anyone in doubt about their business should consult a knowledgeable GLBA auditor.
It may help to view a list of companies that clearly, and not so clearly, fall under this category to ensure full compliance to protect consumers’ data and business owners’ reputation:
- Check-cashing Companies
- Payday Lenders
- Mortgage Brokers
- Non-bank Lenders
- Personal Property or Real Estate Appraisers
- Professional Tax Preparers
- Courier Services
- Traditional Banks
- Real Estate Settlement Companies
- Insurance Companies
- Security Firms
- Financial Planners
- Debt Collection Agencies
- ATM Operators
What Are Some Key Facts About GLBA All Financial Institutions Should Know?
There are some key pieces of information that everyone should always keep in mind about the GLBA, including:
- While GLBA covers a wide range of businesses, not all businesses need to comply with the Act.
- Businesses should continually monitor for GLBA compliance and note any issues right away.
- Business owners need to monitor third-party providers’ adherence to GLBA.
- Destruction of data that is no longer needed is the best course for businesses.
- IT managers should assign one or more employees to head up the information security plan.
- Regularly testing for GLBA compliance is the best way to stay in compliance.
- The security plan must be designed and implemented according to the size and complexity of the organization and its volume of data. The plan must also consider the nature of the business’s activities and the sensitivity of the customers’ data.
Each company is unique and can follow its own path toward compliance as long as it is, at the time of an official audit, compliant.
What Are the Penalties of GLBA Non-Compliance?
One of the worst penalties associated with GLBA non-compliance is compromising customers’ data and suffering a breach. Once a company suffers a breach while not adhering to the Safeguards Rule, they risk losing hundreds, thousands, or more customers.
Additionally, businesses that lose track of compliance lose time in trying to properly notify all the necessary parties, including the customers, local law enforcement, credit bureaus, and other businesses that may feel the ripple effect of a breach.
With that, while there are no official penalties, not following the Safeguards Rule can cost businesses customers, time, resources, and productivity.
Why Is the GLBA Audit So Invaluable to Consumers and Financial Institutions?
A GLBA audit helps IT teams unearth simmering problems with their information security plan, giving them a chance to course-correct before a cyber-criminal has the chance to use the most minute vulnerability to their advantage. When working with a professional GLBA auditor, IT professionals will receive guidance and gap analysis to reach GLBA compliance. The auditor reviews the written information security plan to help refine it to thoroughly protect consumers’ records.
Who Can Help You with Your Upcoming GLBA Audit?
At I.S. Partners, LLC., our GLBA auditors can easily help your IT team find the best strategies toward consistent and continual compliance with GLBA and the Safeguards Rule. We will help you provide all the necessary information for your GLBA audit that explains your information-sharing plan that focuses on protecting your valued customers’ sensitive confidential data. Our Seal of Excellence provides transparency to your customers, as far as your compliance and their ability to opt out if they do not want you to share their personal information with certain third parties.
If you need help designing your written information security plan, you need help determining whether you need to comply with GLBA and the Safeguards Rule, or if you need a professional GLBA auditor to take over the reins of your next audit, send us a message or call us at 215-675-1400. We would love to learn more about your business and your needs!