The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter. Many financial institutions collect personal information from their customers, such as their names, addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Gramm-Leach-Bliley (GLB) Act requires financial institutions to ensure the security and confidentiality of this type of information.
As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) has issued the Safeguards Rule. This Rule requires financial institutions under FTC jurisdiction to secure customer records and information, and to train employees to take basic steps to maintain the security, confidentiality and integrity of customer information.
GLBA covers a variety of industries, including banking, securities trading, insurance companies, lenders, tax preparers, credit counselors and financial advisors, real estate services and debt collector services. GLBA violations can include financial institutions being subject to a civil penalty of not more than $100,000 for each violation; the officers and directors of the financial institution shall be subject to, and personally liable for, a civil penalty of not more than $10,000 for each violation.
Here are some suggestions on how to maintain security throughout the life cycle of customer information that is, from data entry to data disposal: