Security Auditing

Complying with the GLBA Privacy and
Safeguards Rules
By Robert J. Scott and Adam W. Vanek

“It is the policy of Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.”1

GLBA and a financial institution’s obligations under the Financial Privacy and Safeguards Rules. This article outlines a financial institution’s notice and disclosure requirements. It also outlines the importance of conducting a thorough risk assessment and implementing a comprehensive information security program.

I. INTRODUCTION.

In 2006 an estimated 9 million American adults were the victims of identity fraud at a total cost of $56.6 billion.2 There are a number of legislative efforts designed to protect the privacy, security, and confidentiality of customer data. One such law, the Gramm-Leach-Bliley Act (the “GLBA”), also known as the Financial Services Modernization Act of 1999, effectively repealed the Banking Act of 1933 and amended the Bank Holding Company Act of 1956.

The GLBA requires financial institutions to protect themselves against unauthorized access, anticipate security risks, and safeguard a consumer’s nonpublic information; it also prohibits individuals and companies from obtaining consumer information using false representations.3 The GLBA charged the Federal Trade Commission (the “FTC”), and other government agencies that regulate financial institutions, with the duty to enforce, carry out, and implement the GLBA.

The GLBA separates individual privacy protection into three principal categories: (1) the Financial Privacy Rule; (2) the Safeguards Rule; and (3) Pretexting Provisions.4 The Financial Privacy Rule and the Safeguards Rule...

II. THE FINANCIAL PRIVACY RULE.
