Saturday, December 8, 2007

Finishing with the GLBA

by: AFI


Study this fantastic presentation on "The Implementation of the Safeguards Rule" published by the University of Georgia. Someone put a lot of work into this. If you want your F&I Director to really feel comfortable that you know the GLBA - know this info!

http://www.infosec.uga.edu/sate/presentations/Gramm-Leach-Bliley_Act_at_UGA.ppt


Read this client alert from Goodwin Procter LLP: "What Can You Do To Reduce Your Exposure?" - Requirements for Safeguarding Customer Data.

http://www.goodwinprocter.com/~/media/9120AE2E76094F6EBAED1D158158AD61.ashx

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

*** This post is going to be HEAVY in discussions of the Red Flag Rule that is scheduled to go into effect November 1, 2008.

Read the above link - sound familiar?

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Possible Changes into the GLBA:

Numerous change proposals include:

1) Using “opt-in” instead of “opt-out.” Opt-in policies can explicitly allow a financial institution the ability to share data; however, the customer must expressly check a box or sign a statement giving this authority to the institution. Without an opt-in, financial institutions can be under express obligation not to share the information provided. Essentially, the burden of information protection passes to the financial institution with “opt-in.” This approach has been proposed, partially because of the practice of many financial institutions and web sites in general to automatically check the box of the “please share my information with whomever you feel like it and spam me mercilessly.” This technique is how many firms get around “opt-in” by essentially opting individuals in automatically.

2) If opt-outs are still used, then financial institutions should be required to provide easy access to privacy policies at branch offices and on the Web.

3) Provide consumers with the right to review any disclosed information or to correct inaccurate or incomplete data.

4) Give states additional jurisdiction to enforce GLBA provisions to enhance enforcement efforts.

5) Providing clear and human-understandable privacy policies, which clearly spell everything out, and allow people to understand explicitly how their information may be used.

What are some penalties for violating GLBA?

Violation of the GLBA may result in a civil action brought by the United States Attorney General, and can carry the following penalties:

1) “the financial institution shall be subject to a civil penalty of not more than $100,000 for each such violation”

2) “the officers and directors of the financial institution shall be subject to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation.”

Short Summary:

The GLBA is certainly a step forward on the way to protect the user’s financial and personal information. Identity Access Management solutions are crucial when it comes to implementing compliance automation.


Possible Changes into the GLBA first printed 10/2/2007. Olga. Links Business Group LLC. Retrieved on 12/8/2007 from: http://www.linksbusinessgroup.com/blog/2007/10/02/identity-access-management-regulations/#comment-769
