Posted on August 6th, 2013 1 comment
What is GLBA?
Also known as the Financial Services Modernization Act, the Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to protect private consumer information held by financial institutions. The GLBA requires banks to develop privacy notices and to provide customers with the option of prohibiting the sharing of their confidential information with non-affiliated third parties. On July 1, 2001, the Act was amended, requiring financial organizations to have a comprehensive, written information security program in place.
Who is affected by GLBA ?
The GLBA applies to virtually every business in the United States engaged in the “financial services” industry: institutions that provide financial products and services to consumers. This applies to all national banks and federal branches of foreign banks that are required to follow US banking regulations.
According to the Act, financial institutions are required to implement a comprehensive, written information security program that includes proper administrative, technical and physical safeguards, the nature of which are dependent upon the size and complexity of the organization. This requirement extends to any subsidiaries of the parent financial organization. The program must be designed to protect consumers’ non-public, personally-identifiable information by ensuring security and confidentiality of data, by preventing potential risks and threats to data, and by protecting against unauthorized access to or use of consumers’ private information.
When using service providers such as an outsourced document destruction company, financial institutions have a duty to safeguard their customers’ information while it is in the possession of the outsourced company. To adhere to this, the financial organization must use due diligence in selecting, managing and monitoring the service provider to ensure consumers’ private information is protected. This includes entering into contracts with a document destruction company when appropriate.