At DataMasters we work in compliance with federal and state laws to ensure the protection of customers and businesses. Our expert staff has a professional understanding about the risks and penalties involved in not complying with the law. Honorable business practices are the foundation of our business and we strive to help others understand these laws.
What is the Gramm-Leach-Bliley Act (GLB)?
The Gramm-Leach-Bliley Act (GLB) was enacted in 1999. The act outlines rules in regard to the privacy of personal information regularly collected by various financial institutions. Often this type of information is required by insurance agents and brokers in order for them to advise their clients effectively. This highly sensitive information falls under both federal and state data privacy protection laws. Both the Securities and Exchange Commission as well as the Federal Trade Commission circulate the extensive regulations of the GLB. The law is also enforced on a state level through state insurance authorities.
The GLB applies to nearly all insurance agents, brokers, and financial institutions. Under the Gramm-Leach-Bliley Act (GLB) nonpublic, personal information provided by consumers to financial institutions is protected. This includes information that:
- Consumers provide to obtain financial products
- Consumers provide to obtain financial services
- Results from transactions involving financial products
- Results from transactions involving financial services
- Is obtained in connection with providing a financial product
- Is obtained in connection with providing a financial service
The GLB Act does not protect public information.
Gramm-Leach-Bliley Act (GLB) Requirements
The GLB Act requires covered agencies and brokers to comply with practices. This also includes notifying consumers about how their nonpublic, personal information is handled and protected. This means that covered agencies and brokers must follow these requirements:
- Provide consumers that have ongoing relationships with the financial institution with privacy statements
- Privacy statements must explain information privacy practices
- Consumer opportunity to opt-out of sharing their information with select third parties
- Assurance of the security of the information and restriction of sharing information with other parties
- Assurance of appropriate disposal of sensitive information
- Contracts with service providers which handle sensitive information
The Gramm-Leach-Bliley Act also details required security measures:
- Access control over customer information systems
- Controls to permit access to authorized people and systems to prevent fraud
- Access control at physical locations that contain customer information
- Encryption of all electronic customer information in transit and in storage
- System modification procedures to protect customer information
- Employee background checks
- Dual control procedures with segregation of duties
- System monitoring and procedures for detecting attempted attacks into customer information systems
- Response programs and protocol when a possible breech has occurred
- Response programs and protocol if there is suspicion of a breech
- Measures to protect information from destruction due to environmental or technological hazards or failure
- Extensive training for staff to implement and utilize security programs
- Regular testing of systems, controls, and procedures of security programs
Compliance with the Gramm-Leach-Bliley Act (GLB)
Each regulation of the Gramm-Leach-Bliley Act (GLB) is part of a whole. These requirements work together to achieve proper safety protocol. Policies should be a result of comprehensive reviews and overall policy assessment. Like other Federal privacy laws, the GLB Act requires very specific actions from organizations that must comply. Many states have laws that work in addition to the Gramm-Leach-Bliley Act (GLB). These laws go beyond what is listed in GLB. Agencies handling this type of information must know and understand all federal as well as state laws.
Trust is extremely important for consumers when they are providing personal information. Agencies should always exercise careful care and consideration when handling any personal or private information. Being aware of the legal requirements on both a federal and state level is the first step to building this trust with your consumers.
Acting out of compliance of the Gramm-Leach-Bliley Act (GLB) not only betrays the trust of your consumers, but it puts their sensitive information at risk. Penalties for violating the law are significant. Each violation can result in a fine up to $100,000. Criminal penalties may also result from violations including fines and imprisonment for up to five years. It’s also important to note that ongoing violations carry more severe penalties and repercussions.
Our staff can help you understand what your agency needs to do in order to comply with the Gramm-Leach-Bliley Act (GLB). Proper compliance will eliminate financial and criminal penalties while ensuring the safety of your consumers.