Established in 2003, the Safeguards Rule sets forth the foundational requirements of an information security program that covered financial institutions must implement to protect the non-public personal information of their customers.
Who does the FTC Safeguards Rule apply to?
The FTC’s Safeguards Rule applies to non-banking financial institutions, such as check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, courier services, and credit reporting agencies.
What does the safeguards rule require?
The existing Safeguards Rule requires that information security programs be based on a financial institution’s identification and assessment of reasonably foreseeable internal and external risks to customer information.
What are the federal safeguards for financial reporting?
The New Safeguards Rule exempts financial institutions that maintain information concerning fewer than 5,000 consumers from certain requirements, including written risk assessments, continuous monitoring or annual penetration testing, biannual vulnerability assessments, and written incident response plans.
What is governed under the Gramm-Leach-Bliley Act (GLBA)?
GLBA compliance requires that companies develop privacy practices and policies that detail how they collect, sell, share and otherwise reuse consumer information. Consumers also must be given the option to decide which information, if any, a company is permitted to disclose or retain for future use.
What is the FTC Safeguards Rule?
The FTC’s updated Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security system to keep their customers’ information safe.
What does the safeguards rule address?
The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.
When was the Safeguards Rule originated?
The Safeguards Rule was published in the Federal Register one year ago [67 Fed Reg 36484 (May 23, 2002)] and can be found on the Federal Trade Commission Web site at http://www.ftc.gov/privacy/privacyinitiatives/safeguards.html.
What controls are required to safeguard customer information?
The Safeguards Rule requires financial institutions to store sensitive customer information securely and ensure its secure transmission, as well as maintain programs and implement audit procedures that prevent unauthorized access and improper disclosure.
Who is responsible for our compliance with GLBA?
The GLBA is enforced by the FTC, the federal banking agencies, and other federal regulatory authorities, as well as state insurance oversight agencies. The act has three main sections, consisting of two rules and a set of provisions.
What is GLBA designed to protect?
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
What is the goal of the FTC?
THE FEDERAL TRADE COMMISSION’S (FTC) MISSION: To prevent business practices that are anticompetitive or deceptive or unfair to consumers; to enhance informed consumer choice and public understanding of the competitive process; and to accomplish this without unduly burdening legitimate business activity.
What was the vendor OpticsML accused of doing according to the FTC’s complaint?
The FTC’s complaint alleged that Ascension hired a vendor, OpticsML, to process tens of thousands of mortgage documents that contained personal information of more than 60,000 consumers, including names, dates of birth, Social Security numbers, loan information, credit and debit account numbers, drivers’ license …
What are the three main security goals of the Gramm Leach Bliley Act security requirements?
OBJECTIVE OF THE PROGRAM:
• Protect the security and confidentiality of Covered Data;
• Protect against anticipated threats or hazards to the security or integrity of Covered Data; and
• Protect against unauthorized access to or use of Covered Data that could result in substantial harm or inconvenience to any Customer.
What are the main security requirements of the GLBA law?
GLBA Safeguards Rule
The Safeguards Rule requires that any institution covered by the GLBA protect, via administrative, technical, and physical means, the confidentiality, integrity, and security of any nonpublic personal information that the institution retains.
Does GLBA apply to vendors?
GLBA extends to the financial institution’s vendors by operation of law if the vendor meets the definition of service provider. A service provider is defined as: Any party that is permitted access to a financial institution’s customer information through the provision of services directly to the institution.