Gramm-Leach-Bliley Act, Protection of Customer Information Guidelines

So what is Gramm-Leach-Bliley Act (GLBA) requirement for Protection of Customer Information. Here is simple guidelines based on section V and the ammendment of appendix B. This act require the institution not only to protect but also assess and then control the IT risk.

Section V of the Gramm-Leach-Bliley Act of 1999
Governs privacy in the context of Financial Institution Safeguards.

Section 501(a): It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic information.

Section 501(b): Establish appropriate standards for the financial institutions subject to their jurisdictions relating to administrative, technical, and physical safeguards
1. To insure the security and confidentiality of customer records and information;
2. To protect against anticipated threats or hazards to the security or integrity of such records; and
3. To protect against unauthorized access to use of such records or information which could result in substantial harm or inconvenience to any customer.

2. Appendix B to Part 570
Outlines the Agency’s expectations for the creation, implementation, and maintenance of an information security program. This program must include administrative, technical complexity of the institution and the nature and scope of its activities. The guidelines describe the oversight role of the board of directors in this process and management’s continuing duty to evaluate and report to the board on the overall status of this program.

The four steps in this process require an institution to:
- Identify and assess the risks that may threaten customer information.
- Develop a written plan containing policies and procedures to manage and control these risks.
- Implement and test the plan.
- Adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security.

Bookmark/Search this post with:
  • Delicious
  • Digg
  • StumbleUpon
  • Propeller
  • Reddit
  • Technorati

User login

Who's new

  • Loareeneare
  • Mertkigeprise
  • KevinNeil
  • bitstusty
  • Liishhexcdtux

Who's online

There are currently 0 users and 2 guests online.