There are numerous rules and regulations governing how financial institutions must manage, share, and destroy their clients’ personally identifiable information (PII); but what exactly is GLBA? GLBA, also known as the Gramm-Leach-Bliley Act or the Financial Services Modernization Act of 1999, is a federal law enacted in November 1999. It defines and controls how private financial information is handled and destroyed, and it does so through three separate sets of requirements that apply to every financial institution: the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Provisions.
Financial Privacy Rule
The Financial Privacy Rule governs privacy notices: why they are required and what they must contain. Under this section of the GLBA, a financial institution must deliver its privacy notice to a consumer when the customer relationship is first established and then again once a year for as long as the relationship lasts. The notice must explain exactly what information is or has been collected, with whom it has been or will be shared, how it has been or will be used, and how it is or will be protected. Consumers also have the right to opt out of having their information shared with nonaffiliated third parties, and the notice must explain how to exercise that right; where the Fair Credit Reporting Act additionally gives consumers an opt-out for certain information shared among affiliates, that opt-out must be covered in the notice as well.
Safeguards Rule
The Safeguards Rule requires a documented, written information security plan. Under this section, financial institutions must demonstrate that they are prepared today and explain how they will continue to protect their clients in the future through a detailed, written program. To remain compliant with the GLBA, the plan must include, at a minimum: at least one designated employee responsible for coordinating the safeguards; a risk assessment covering every department and process that handles private information; and regularly updated safeguards that reflect the most recent changes in how information is gathered, retained, and used. A plan that is written once and left on a shelf does not satisfy the rule; it has to be revisited whenever the business, its systems, or its service providers change.
Pretexting Provisions
Lastly, the Pretexting Provisions of the GLBA prohibit obtaining customer information under false pretenses (a “pretext”) and require financial institutions to guard against it. Phishing websites and emails, fraudulent telemarketing calls, and spam are all common vehicles for pretexting, and each can result in a customer’s personal information falling into the wrong hands. The security plan you develop under the Safeguards Rule should specifically outline procedures for handling these situations, with an emphasis on employee training: how to verify a caller’s or requester’s identity before releasing information, and how to report a suspected attempt. Recognition is your first defense against false pretenses, so making sure your employees are well trained should always be one of your first steps.
To keep up with the GLBA demands and ensure that you always remain compliant, contact the experts at Corrigan Record Storage by calling 248.344.9185 or 1.800.944.7716, or completing the contact form in the sidebar.