What is the Gramm-Leach-Bliley Act?
The Gramm-Leach-Bliley Act (GLBA) requires any organization that offers consumers financial products or services, such as loans, financial or investment advice, or insurance, to meet a range of standards designed to safeguard customer data and to ensure customers know their rights regarding information sharing and privacy. Importantly, the act takes a very broad view of what constitutes financial products or services, so the GLBA still applies even when your company’s size or core business does not immediately suggest “financial institution” as a descriptor, as with car dealers or debt collection agencies.
What does Gramm-Leach-Bliley Act compliance look like?
Within its Safeguards and Privacy rules, the GLBA requires companies to explain their information-sharing practices to their customers on at least an annual basis, to use reasonable security policies and procedures to safeguard the sensitive data they collect, and to allow customers to opt out of sharing their information with unaffiliated third parties. Compliance with the Safeguards rule includes, but is not limited to, having a written, co-ordinated information security plan that describes your program to protect customer information and that is appropriate to the company’s size, business, and complexity and to the type and sensitivity of the customer information it handles. Compliance with the Privacy rule includes, but is not limited to, giving customers a clear written notice describing your privacy policies and practices.
How can Pointe Solutions help you with your GLBA audit?
The team at Pointe Solutions is here to help you achieve and maintain GLBA compliance by developing, implementing and documenting an information security program that specifically addresses the protection of customer information and is appropriate for the size and nature of your business and the information it handles. The team can also support you by reviewing all existing privacy policies, documents and related customer material and amending and updating them to ensure compliance or, where appropriate, working with you to develop a new set of documentation.