GLBA Confidentiality Agreement

To take advantage of the Section 13 exception, you must enter into a contract with the unaffiliated third parties with whom you share NPI. The agreement must ensure the confidentiality of the information by prohibiting the third party or third parties from using or disclosing the information for purposes other than those for which it was obtained. Contracts with non-affiliated service providers that entered into force before 1 July 2000 and lack the required confidentiality provision must be amended by 1 July 2002 at the latest to include one. Non-public personal information (NPI) includes Social Security numbers, credit and income history, credit account and credit card numbers, phone numbers, addresses, names, and any other personal customer information obtained by a financial institution that is not public. The Safeguards Rule requires financial institutions to create a written information security plan that describes their program for protecting customer information. The plan must be tailored to the size, operations and complexity of the institution, as well as to the sensitivity of the customer information it handles. Under the Safeguards Rule, covered financial institutions must: Simply address the points listed above that apply to you. For example, if you do not share NPI with affiliates or unaffiliated third parties, except to the extent permitted by sections 313.14 and 313.15, you may provide a simplified notice that (1) describes your collection of NPI; (2) states that you will only disclose NPI to unaffiliated third parties "to the extent permitted by law"; and (3) explains how you protect the privacy and security of NPI. The main objective of the GLBA is to extend and strengthen the precautions and restrictions that protect consumer data. The main concern of IT professionals and financial institutions with respect to the GLBA is ensuring the confidentiality of customers' private and financial information.

Maintaining GLBA compliance is essential for any financial institution, as breaches can be both costly and detrimental to business continuity. However, by taking measures to protect NPI and comply with the GLBA, businesses benefit not only from improved security and penalty avoidance, but also from increased customer trust and loyalty. The Section 13 exception also applies to the marketing of financial products or services offered under a "joint agreement" with one or more other financial institutions. The "joint agreement" requirement means that you have entered into a written contract with one or more financial institutions for your joint offer, endorsement or sponsorship of a financial product or service. This does not cover every kind of joint marketing, but only joint marketing with other financial institutions, and only the marketing of financial products or services. The Privacy Rule requires that your privacy notice include an accurate description of your current policies and practices for protecting the privacy and security of NPI. For example, if you restrict access to NPI to employees who need the information to provide products or services to your consumers or customers, say so. The FTC has issued a separate rule to implement the safeguarding requirements for NPI. See 16 C.F.R. Part 314, 67 Fed. Reg. 36484 (23 May 2002). For more information about this rule and other tips for small businesses on implementing the Safeguards Rule requirements, visit the FTC website. An overview of the privacy requirements of the GLB Act is available online. This guide provides more detail than the overview to help you meet the requirements of the Privacy Rule for protecting consumers' financial information. It was written for companies that provide financial products or services to individuals for personal, family or household use. Financial institutions subject to the Gramm-Leach-Bliley Act must inform their customers of their information-sharing practices and explain customers' right to "opt out" if they do not want their information shared with certain third parties. Does your company meet the requirements of the Privacy Rule? Since the law went into effect, there have been several allegations, including: The FTC may take enforcement action for violations of the Privacy Rule. The FTC can bring suit to enforce the Privacy Rule in federal district court, where it can seek the full scope of injunctive and other equitable relief.

The FTC also has the power, under Section 5 of the FTC Act, to review privacy policies and practices for deception and unfairness. Further information on the GLB Act and the Privacy Rule can be found here. The information available on this website includes written guidance prepared by the FTC and the other federal agencies enforcing the GLB Act on certain compliance matters that may be of interest to you. If you share NPI with unaffiliated third parties outside of the exceptions described therein (see "Exceptions"), you must also notify your customers of the following: An opt-out direction from a consumer or customer remains effective, even after the customer relationship ends, until it is revoked in writing or, if the consumer agrees, electronically. However, if a former customer establishes a new customer relationship with you and you are required to provide an opt-out notice, the customer must give a new opt-out direction that applies only to the new relationship. GLBA compliance exposes financial institutions to a lower risk of penalties or reputational damage caused by the unauthorized disclosure or loss of retail customer data.

There are also several privacy and security benefits for customers that follow from the GLBA safeguarding requirements, some of which are as follows: Notices given orally or merely posted in your offices are not compliant. NPI does not include information that you have a reasonable basis to believe is lawfully "made public". In other words, the information is not NPI if you have taken steps to determine: The Gramm-Leach-Bliley Act (GLB Act or GLBA) is also known as the Financial Modernization Act of 1999. It is a U.S. federal law that requires financial institutions to explain how they share and protect their customers' private information. To be GLBA compliant, financial institutions must tell their customers how they share sensitive customer data, inform customers of their right to opt out if they prefer not to have their personal data shared with third parties, and apply specific safeguards to customers' private data in accordance with a written information security plan established by the institution.