14 January 2004

Are you impacted by the Gramm-Leach-Bliley Act (GLBA)?

If your business performs any of the following business processes, the likelihood is that you are. GLBA requires the organization to take reasonable steps to select and retain service providers who maintain appropriate safeguards for covered data and information. GLBA mandates that this Information Security Program be subject to periodic review and adjustment. The most frequent of these reviews will occur within IT Security & Policy where constantly changing technology and constantly evolving risks indicate the wisdom of regular reviews. Processes in other relevant areas of the organization such as data access procedures and the training program should undergo regular review.

Examples of Activities the FTC is Likely to Consider as a Financial Product or Service include:

1. Student (or other) loans, including receiving application information, and the making or servicing of such loans

2. Financial or investment advisory services

3. Credit counseling services

4. Tax planning or tax preparation

5. Collection of delinquent loans and accounts

6. Sale of money orders, savings bonds or traveler’s checks

7. Check cashing services

8. Travel agency services provided in connection with financial services

9. Real estate settlement services

10. Money wiring services

11. Issuing credit cards or long term payment plans involving interest charges

12. Personal property and real estate appraisals

13. Career counseling services for those seeking employment in finance, accounting or auditing

14. Services provided by a principal, broker or agent with respect to life, health, liability or disability insurance products

15. Obtaining information from a consumer report

16. Providing or issuing annuities

The plan itself as well as the related data retention policy should be reevaluated annually in order to assure ongoing compliance with existing and future laws and regulations.
