Gramm-Leach-Bliley Act
What is Gramm-Leach-Bliley?
The Gramm-Leach-Bliley Act (commonly called GLB or GLBA) is also known as the Financial Modernization Act of 1999. The GLB Act includes
provisions to protect all consumers' personal financial information held by financial institutions.
How are email records involved?
Today, the vast majority of organizations use email to communicate internally and as a vehicle for the exchange of documents and
correspondence between businesses and consumers. Since personal financial information can be transmitted by and retained in electronic
formats, it is critical to ensure that the management of such records complies with GLB.
What organizations are impacted?
The GLB Act applies to "financial institutions" - businesses that offer financial products or services to individuals to be used
primarily for their personal, family, or household purposes. Financial institutions include, for example, banks, securities firms
and insurance companies; such entities are covered by the SEC (Securities and Exchange Commission). Businesses that provide many
other types of financial products and services to consumers fall under jurisdiction of the FTC (Federal Trade Commission) for the
purposes of enforcing GLB. These non-traditional "financial institutions" include, but are not limited to, state-registered
investment advisors, professional tax preparers, auto dealers engaged in financing or leasing, electronic funds transfer networks,
mortgage brokers, credit counselors, real estate settlement companies, retailers that issue credit cards to consumers, consumer
debt-collecting firms, payday lenders and check-cashing businesses.
What are the penalties for non-compliance with Gramm-Leach-Bliley?
Violation of GLBA may result in a civil action brought by the U.S. Attorney General. The financial institution itself may be fined
up to $100,000 for each violation. In addition, "the officers and directors of the financial institution shall be subject
to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation". Criminal penalties may
include up to 5 years in prison.
What are the requirements of Gramm-Leach-Bliley?
The provisions include:
Financial Privacy Rule
This rule requires that financial institutions provide consumers with privacy notices describing how they use and disclose consumers'
personal information. The notices must be provided to customers at the time the consumer relationship is established and annually
thereafter. The notice must also let consumers know about their right to "opt-out" of having their information shared with
unaffiliated parties. Unaffiliated parties that receive the nonpublic information are bound by the same terms the consumer
accepted under the original relationship agreement.
Safeguards Rule
This rule requires financial institutions to have reasonable policies and procedures to ensure the security and confidentiality
of customer information (for both current and former customers). The plan must include designating at least one employee to manage
the safeguards, performing a risk analysis of current processes, developing and monitoring a program to secure the information, and
adjusting the security plan as needed.
Pretexting Protection
Pretexting occurs when someone tries to gain access to personal information without the proper authority to do so. The financial
institution must take all precautions necessary to protect and defend the consumer and associated nonpublic information.