For instance, there's no specific GLBA password requirements; instead, GLBA-covered institutions are expected to follow contemporary best practices for authenticating access to personal data, which in practice today would include an appropriate password regime. L. No. 118th CONGRESS. Such audits can provide invaluable feedback, but keep in mind that they're essentially just providing a second opinion from a private company, not offering the United States Federal government's seal of approval. Guide to the GrammLeachBliley Act - International Association of 1. The Graham-Leach-Bailey Act (GLBA) is a 1999 law that allowed financial services companies to offer both commercial and investment banking, something that had been banned since the Great Depression. Element 8: For an institution or servicer maintaining student information on 5,000 or more consumers, addresses the establishment of an incident response plan (16 C.F.R. 0000008401 00000 n While all elements of the Safeguards Rule are vital to protecting the security of customer information, an institution or servicer may significantly reduce the risk of a security breach, and the resulting harm and inconvenience to its customers, by encrypting customer information while it is in transit outside its systems or stored on its system and by implementing multi-factor authentication for anyone accessing customer information on its systems. requires the FTC, along with the Federal banking agencies and other regulators, to issue regulations ensuring that financial institutions protect the privacy of consumers' personal financial information. Youre more than a vote, so support GovTrack today with a tip of any amount: Or keep using GovTrack for free! For example, consumers who aren't customers are only entitled to privacy and opt-out notices if an institution makes specific plans to share those consumers' data with third parties; customers have these rights as soon as they establish a customer relationship. The guide summarizes and explains rule amendments adopted by the Commission, but is not a substitute for any rule. Text Any GLBA findings identified through a compliance audit, or any other means, after the effective date will be resolved by the Department during the evaluation of the institutions or servicers information security safeguards required under GLBA as part of the Departments final determination of an institutions administrative capability. 0000001782 00000 n For instance, large educational institutions now have their GLBA compliance reviewed as part of their annual federal compliance audits that they must submit to the Department of Education. An Inquiry into Cloud Computing Business Practices: The Federal Trade Commission is seeking public comments. As a result, often the law will not be found in one place neatly identified by its popular name. The first is that it explicitly makes it illegal to use pretexting to try to gain access to the information about victims held by a financial institution covered by the Act. REVISED THROUGH SEPTEMBER 30, 2004 And sometimes they are meant to garner political support for a law by giving it a catchy name (as with the 'USA Patriot Act' or the 'Take Pride in America Act') or by invoking public outrage or sympathy (as with any number of laws named for victims of crimes). No appropriate Federal banking agency, by regulation, order, interpretation, or other action, and no court within the United States may construe the paragraph designated the Seventh of section 5136 of the Revised Statutes of the United States (12 U.S.C.

Russell Bufalino Daughter, Articles G