Financial Services: GLBA Compliance
Gramm-Leach-Bliley Act (GLBA) compliance is mandatory for financial institutions, but many struggle to understand its focus. GLBA was enacted in 1999 to govern the collection, disclosure and protection of consumer’s information and to allow commercial and investment banks to consolidate. ALL financial institutions and their vendors, totaling a market size of almost $4 billion, must comply with GLBA. Eight Federal agencies and all state authorities enforce the act. Penalties for noncompliance may result in up to 10 years in prison and $1 million in fines.
“As part of its implementation of the GLBA, the Federal Trade Commission (FTC) issued the Safeguards Rule, which requires financial institutions to have measures in place to keep customer information secure. But safeguarding customer information isn’t just the law. It also makes good business sense. When you show customers you care about the security of their personal information, you increase their confidence in your company.”
— FTC Facts for Business, Financial Institutions and Customer Information: Complying with the Safeguards Rule
Financial Services Industry Impact
Implement efficient means for information distribution.Under the GLBA, financial services companies must follow three principles. The Financial Privacy Rule states that you must provide customers with a copy of privacy practices and the Pre-Texting Protection Rule requires protected customer information. The Safeguards Rule requires a written information security policy. Thus, financial companies must:
- Manage security controls to protect personal information and to prevent threats.
- Establish security procedures to prevent fines and save money.
ECM Enables GLBA Compliance
Enterprise Content Management (ECM) provides document controls and system security that enable compliance. Many financial services companies use ECM to address GLBA privacy and security regulations. Whether through PaperVision® Enterprise, the on-premise software, or ImageSilo®, the cloud ECM service. you can enhance efficiency, gain control and save money.
Distribute Information Efficiently
Under the Financial Privacy Rule, you must supply each customer with a privacy notice that explains what customer information is collected and how it is shared, used and protected. ECM allows efficient document distribution and provides a secure means for sharing information with customers.
- Share an unlimited number of privacy notices with customers through document disclosures.
- Allow secure, temporary, Web-based access to documents for customers who prefer to receive information electronically.
Protect Customer Information and Control Security
GLBA provisions require you to protect information from unauthorized access, scams and phishing methods. PaperVision® Enterprise and ImageSilo® offer tools to proactively guard against attacks and to control security settings.
- Ensure security access rights for every information request.
- Track all user activity including attempts at accessing protected records without proper security clearance.
Save Money by Establishing Security Procedures
The Safeguards Rule mandates a review of how your company manages personal information and an analysis of systems and policies. A written information security plan must describe how your company maintains customer confidentiality in order to avoid penalties. ECM provides extensive security features reducing time, energy and money spent trying to establish such plans.
- Cost-effectively limit physical access to information and maintain tight control over the system use with application security.
- Switch from a capital investment in software and hardware to a simple, monthly operating expense with ImageSilo®.