Gramm-Leach-Bliley Act

This Act applies to everyone who handles financial data

Gramm-Leach-Bliley Act As It Applies To Data Destruction

This is another act to protect our financial information. The act also quotes the FTC Disposal Rule. eRecycler knows the Gramm-Leach-Bliley Act and can help get your company into compliance; contact us today.
Many companies collect personal information from their customers, including names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Gramm-Leach-Bliley (GLB) Act requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of this type of information. As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) issued the Safeguards Rule, which requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure. But safeguarding customer information isn’t just the law. It also makes good business sense. When you show customers you care about the security of their personal information, you increase their confidence in your company. The Rule is available at ftc.gov.

Who Must Comply?

The definition of “financial institution” includes many businesses that may not normally describe themselves that way. In fact, the Rule applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services. This includes, for example, check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, and courier services. The Safeguards Rule also applies to companies like credit reporting agencies and ATM operators that receive information about the customers of other financial institutions. In addition to developing their own safeguards, companies covered by the Rule are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.
For more information on whether the Safeguards Rule applies to your company, consult section 313.3(k) of the GLB Privacy Rule and the Financial Activities Regulations. Both are available at ftc.

How To Comply

The Safeguards Rule requires companies to develop a written information security plan that describes their program to protect customer information. The plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. As part of its plan, each company must:
The requirements are designed to be flexible. Companies should implement safeguards appropriate to their own circumstances. For example, some companies may choose to put their safeguards program in a single document, while others may put their plans in several different documents — say, one to cover an information technology division and another to describe the training program for employees. Similarly, a company may decide to designate a single employee to coordinate safeguards or may assign this responsibility to several employees who will work together. In addition, companies must consider and address any unique risks raised by their business operations — such as the risks raised when employees access customer data from their homes or other off-site locations, or when customer data is transmitted electronically outside the company network.

Securing Information

The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operation, including three areas that are particularly important to information security: Employee Management and Training; Information Systems; and Detecting and Managing System Failures. One of the early steps companies should take is to determine what information they are collecting and storing, and whether they have a business need to do so. You can reduce the risks to customer information if you know what you have and keep only what you need.
Depending on the nature of their business operations, firms should consider implementing the following practices:
Training employees to take basic steps to maintain the security, confidentiality, and integrity of customer information, including:
Developing policies for employees who telecommute.

Information Systems

Information systems include network and software design, and information processing, storage, transmission, retrieval, and disposal. Here are some suggestions on maintaining security throughout the life cycle of customer information, from data entry to data disposal:
Know where sensitive customer information is stored and store it securely. Make sure only authorized employees have access. For example:
Take steps to ensure the secure transmission of customer information. For example:
When you transmit credit card information or other sensitive financial data, use a Secure Sockets Layer (SSL) or other secure connection, so that the information is protected in transit.
If you collect information online directly from customers, make secure transmission automatic. Caution customers against transmitting sensitive data, like account numbers, via email or in response to an unsolicited email or pop-up message.
If you must transmit sensitive data by email over the Internet, be sure to encrypt the data.
Dispose of customer information in a secure way and, where applicable, consistent with the FTC’s Disposal Rule. For example:
Destroy or erase data when disposing of computers, disks, CDs, magnetic tapes, hard drives, laptops, PDAs, cell phones, or any other electronic media or hardware containing customer information.

Detecting and Managing System Failures

Effective security management requires your company to deter, detect, and defend against security breaches. That means taking reasonable steps to prevent attacks, quickly diagnosing a security incident, and having a plan in place for responding effectively. Consider implementing the following procedures:
Using appropriate oversight or audit procedures to detect the improper disclosure or theft of customer information. It’s wise to:
Taking steps to preserve the security, confidentiality, and integrity of customer information in the event of a breach. If a breach occurs:
Considering notifying consumers, law enforcement, and/or businesses in the event of a security breach. For example:
