Protect Customers’ Financial Information
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act or GLBA, opened competition among financial institutions, including banks, securities companies and insurance providers. It allows commercial and investment banks to consolidate and includes provisions that govern the collection, disclosure and protection of consumers’ nonpublic or personally identifiable information.Applicability
GLBA compliance is mandatory not only for all financial companies, including those that provide financial products and services to consumers, but for their vendors as well. Regardless of whether they disclose nonpublic information, companies must adhere to the GLBA and have policies in place to protect information. Eight federal agencies and state authorities enforce the GLBA, and penalties for noncompliance may result in up to 10 years in prison and $1 million in fines.Financial Services Industry Impact
Under the GLBA, financial companies must follow three principals to safeguard information from threats to security. The Financial Privacy Rule states companies must provide each customer with a copy of privacy practices. The Safeguards Rule requires a written information security policy, and the Pre-Texting Protection Rule requires that information be protected from unauthorized access. Thus, the GLBA requires financial companies to research and implement:
- Efficient means for information distribution.
- Proven security procedures to protect personal information.
- Proactive measures to prevent and guard against threats to security and integrity.
Enterprise Content Management (ECM) provides document controls and system securities that enable unified compliance and operational efficiency. Many financial companies, banks and insurance agencies use InfoStore’s ECM products to address GLBA privacy and security regulations. Whether companies store information on-premise,or they outsource data storage and access information online, they can improve productivity and reduce content management costs while maintaining a compliant environment.Efficient Information Distribution
Under the Financial Privacy Rule, companies must supply each customer with a privacy notice that explains what customer information is collected and how it is shared, used and protected. InfoStore solutions simplify document distribution and provide a secure means for sharing policies.
- Document disclosure enables financial companies to share an unlimited number of privacy notices with customers.
- Document grants allow secure, temporary, web-based access to documents for customers who prefer to receive information electronically.
- Enhanced auditing logs every customer notice sent and provides a report indicating who received the information, when and how.
The Safeguards Rule requires companies to review how they manage personal information and analyze their systems and policies. A written information security plan must describe how the company maintains customer confidentiality. ECM solutions provide extensive security measures that help ensure administrative, technical and physical safeguards of all customer data.
- Application security includes user passwords and flexible user rights that limit physical access, and enable companies to maintain tight control over system use.
- Document security restricts employee access to personal information and ensures that staff members view only documents they need to perform their job functions.
- 256-bit AES encryption can occur both during transmission and when stored, so private financial information is protected at every step.
GLBA provisions require financial institutions to protect information from unauthorized access—even when someone uses phishing methods, deception or scams to manipulate companies into divulging confidential information. InfoStore provides tools to proactively guard against malicious attacks.
- Security access rights are verified for every information request submitted to the ECM system.
- Enhanced auditing tracks all user activity, including successfully completed, attempted or suspicious activities, such as trying to open protected records without security clearance.
DISCLAIMER: This document is for informational purposes only; InfoStore Records Center. is not liable for errors, omissions or inadequacies. Please consult an appropriate compliance expert to understand your needs. This information is subject to change without notice.