Gramm-Leach-Bliley is one of the first Acts developed to ensure the privacy and security of companies’ sensitive data. With unique requirements for both information availability and data security, this Act is a must-know for companies in the financial services sector.
In this series we outline how 7 of today’s biggest regulations affect your company, its information security and availability.
The Gramm-Leach-Bliley Act (1999)
The Gramm-Leach-Bliley Financial Services Modernization Act (GLBA, for short) is specifically targeted at the financial services sector. The rules outlined by the Act affect companies that are classified as financial services firms under the jurisdiction of the Federal Trade Commission (FTC). These are defined as “companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance.” This could include:
- Debt collectors
- Courier services
- Mortgage brokers
- Real estate appraisers
- Check-cashing businesses
- Professional tax preparers
- Consumer reporting agencies
- Retailers that issue credit cards
In addition to abiding by these guidelines themselves, companies that fall under the Act must also ensure that their affiliates and service providers safeguard the customer information that is being shared with them.
The Privacy Rule
The first part of the Act requires that financial services firms clearly explain their information-sharing practices to their customers. This is outlined under the Privacy Rule, which requires that institutions provide each customer with a notice explaining those practices. These notices must state where customer information is sent, how it is used, and how it is kept secure. Consent from each customer is required, and customers must consent to an updated privacy notice whenever the policy changes.
The Safeguard Rule
Perhaps the most famous part of this Act is known as the Safeguard Rule. This Rule requires that companies enact measures to keep their data secure in the face of possible threats and hazards. In practice, this means the security and integrity of consumer data must be maintained even when there is no apparent or immediate threat. It covers data that is already stored, as well as any data collected from consumers at any point in time.
The Solutions You Need To Be Compliant
Under the Privacy Rule, it is paramount that companies enact data security measures with secure, unalterable data stores to protect consumers’ personal privacy. Companies must also ensure that unauthorized parties cannot access sensitive client information. Preventing unauthorized access, such as “pretexting,” is essential in order to uphold the company’s own privacy policies in addition to the requirements of the Privacy Rule. Companies must also ensure that their data is backed up reliably and to a secure target, such as a private cloud.
To abide by the Safeguard Rule, companies must have disaster recovery (DR) protection that ensures data remains resilient in the face of any possible disaster – whether a natural disaster, failed hardware, or simple human error. Companies must have a tested data security plan that they can present in written form, including a risk assessment for each system and an explanation of how the company is prepared against possible threats. Threats can jeopardize data security, safety and integrity – which calls for DR solutions – or data availability, which calls for high availability (HA) or partial failover solutions. Together these ensure that data is available, accessible, and actionable 24x7x365.
In summary, the Gramm-Leach-Bliley Act requires:
- Reliable backups
- Secure data stores
- Written privacy practices
- Preventative disaster protection
- Data availability, accessibility, and usability
For more information on how to keep your data secure, available and compliant with regulations like the Gramm-Leach-Bliley Act, contact us today at 317-707-3941 or use the form below.