As the representative and technology leader for your financial organization, the responsibility for answering any questions regarding your company’s information-sharing practices to customers and other interested parties falls on your shoulders.
Keeping your financially oriented business’s data security issues in mind, it is critical that you work with your company’s executive staff, managers and IT team to develop a written information security plan under the Safeguards Rule, the FTC regulation that implements the security requirements of the Gramm-Leach-Bliley Act (GLBA) and took effect in 2003.
The Safeguards Rule’s parent Act and the benchmark for protecting customer information, the GLBA, was enacted on November 12, 1999, to reform the financial services industry, and it continues to evolve to address concerns relating to consumer financial privacy, according to the Federal Trade Commission (FTC).
Who Does the GLBA Protect?
The GLBA calls on the FTC and other relevant government agencies to regulate financial institutions, which include commercial banks, investment banks, insurance companies, brokerages, mortgage lenders, wire transfer services, financial planners, accountants, tax preparers, debt collection agencies, debt consolidation organizations, real estate settlement companies, hedge funds and credit unions. Colleges and universities that handle student financial aid also fall under the GLBA’s requirements.
What Types of Data Does GLBA Cover?
Because the success of your financial institution depends on your customers’ trust, which rests on protecting both their private and confidential data and the financial assets they have entrusted to you, it is imperative that you and your IT team review and understand all privacy rules associated with the GLBA and adhere to them. These rules help you protect your customers with the backing of the FTC and other government agencies.
The key data that you and your IT staff must protect under the GLBA is everything that falls under “personally identifiable information” or “non-public personal information,” according to Insurance Journal and the FTC. This includes anything that can be linked back to the customer through the transactional data your financial institution has collected. The very qualities that make customers’ personal information crucial to your relationship with them also make it appealing to third parties with bad intentions and leave those customers vulnerable.
Some of the key non-public personal information you must protect includes each customer’s full name, maiden name, home address, birth date, bank account information and Social Security number. Such basic information might seem innocuous in the context of daily business, but in the wrong hands it can alter a person’s life in profound ways. The GLBA helps you understand exactly which data you and your team need to protect, and it can serve as the basis for a guide that keeps you in compliance at all times, protecting both your customers and your financial institution.
Developing Your Guide to GLBA Compliance
To avoid becoming the victim of a devastating breach, such as the summer 2014 hack of JP Morgan Chase and other financial institutions, which exposed data on roughly 83 million customer households and small businesses, you need to develop a guide to make sure that your financial institution continually remains in GLBA compliance for the protection of everyone involved.
One of the first considerations is whether your organization needs to be GLBA compliant at all. If your organization is even loosely related to the financial sector, it is worth investigating whether these rules and regulations apply to you. Once you are certain that you must comply, you can develop strategies that help your executive board, management team, general employee pool and IT department stay compliant and so serve and protect your customers and your business.
The best way to develop your guide to GLBA compliance is to design and enact a privacy and security program that you and your IT team can monitor and audit regularly. Implement the following privacy and security tasks to tick off the important GLBA criteria on your checklist and ensure compliance:
- Identify and Assess Risk. The FTC notes that you need to take into account all facts and circumstances surrounding the financial activities in which your financial institution is “significantly involved.”
- Deliver Regular Privacy Statements. Whether you send updated privacy statements annually or more often is up to your organization, but you must send them at least annually, and again whenever an urgent change occurs, so that your customers know how their information is handled and can take proper precautions of their own.
- Develop Physical Security Measures and Limit Access. Grant access to customer information only to employees whose roles require it, such as those who deal directly with clients, to reduce risk. Examples of information that should be restricted include financial aid and loan applications, income and credit histories, transactional information and account balances.
- Encrypt Customer Data. Protect stored data, such as credit histories, loan applications and shared network files, as well as data in transit, such as email correspondence.
- Provide Detailed Training for Employees and Follow Up to Ensure Personal Responsibility. Protecting your customers starts with hiring employees whom you and your customers can trust, so perform background checks appropriate to each position. Instill the importance of privacy and of your adherence to the GLBA, which depends on their cooperation. Set up training sessions, send frequent confidentiality reminders and perform regular audits to ensure compliance.
- Prepare for System Failures, Including Environmental Hazards and Technological Failures. Develop a disaster recovery program that ensures data is backed up and protected under a range of circumstances.
- Create a Rapid Response Team for Suspected or Detected Breaches. Train your staff, management and executives to note any suspicious activity they detect and report it to your team immediately so you can investigate. The sooner you identify and eliminate potential threats, the better you protect your customers and your organization.
- Perform Controlled Testing and Audit Sessions at Regular Intervals. Test your systems’ security, key controls and procedures against the GLBA’s requirements to see where your organization can improve its compliance.
Rely on Advice from Trusted Industry Experts Who Constantly Monitor Updates to the GLBA
You can reach out to trusted industry experts who specialize in GLBA compliance at firms like I.S. Partners, LLC. to ease your mind and always have the most current updates at your fingertips. Call us at 215-675-1400 or request a GLBA quote to learn more about our services.