GLBA explained: Definition, requirements, and compliance

GLBA meaning and definition

The Gramm-Leach-Bliley Act (GLBA) is a 1999 law that allowed financial services companies to offer both commercial and investment banking, something that had been banned since the Great Depression. The general public may be most aware of the GLBA in the context of debates as to whether it helped cause the 2008 subprime mortgage crisis, but for IT professionals, it’s much better known for the data security and privacy mandates it imposes on a wide range of companies and organizations, even beyond the banking industry. While many of these rules represent best IT practices, the legal stakes of noncompliance are high, with big fines and even potential jail time looming for those who fall short.

GLBA compliance requirements

It may seem a bit strange at first that a financial services law has such a profound impact on IT and data security. But the framers of the law correctly foresaw that by loosening existing banking regulations, they were opening the door to the creation of huge, sprawling firms offering an array of services ranging from checking accounts to high-end investments—and that these companies would have access to huge amounts of customer information. The data security and privacy aspects of the law were included to allay fears that this info would be misused or exploited.

That said, it isn’t just the Citibanks of the world who fall under the watchful eye of regulators thanks to the GLBA. The law applies to any business that is “significantly engaged” in providing financial products or services to consumers. The list of businesses that fall under this heading is broad, and includes debt collectors, real estate appraisers, automobile dealers, and even higher education institutions, which maintain bursar accounts for students and administer student loans.

When it comes to data security and privacy compliance requirements under the GLBA, there are three main sets of regulations—each called a Rule in regulation-speak—that IT needs to worry about: the Financial Privacy Rule, the Safeguard Rule, and the Pretexting Rule.

GLBA Privacy Rule

The Financial Privacy Rule (generally just shortened to the Privacy Rule) is relatively straightforward. Financial institutions need to provide customers with written information explaining what information is collected about them, how that information is used, where and with whom it’s shared, and how it’s protected. In line with the older Fair Credit Reporting Act, the Privacy Rule also requires that institutions give consumers the ability to forbid the financial institution from sharing their information with unaffiliated third parties.

Privacy notices like these need to be issued at the beginning of a customer’s relationship with an institution and at least once per year thereafter; updated versions of the information must be issued when privacy policies change. The language of the notices may be fairly boilerplate, and indeed the SEC makes model forms available.

GLBA consumer vs. customer. When it comes to the Privacy Rule, the GLBA makes a distinction between different types of people a company interacts with. Anyone who obtains financial products or services from a company is dubbed a consumer, but consumers who maintain a continuing relationship with that institution are customers. All customers are consumers, but not all consumers are customers; customers are those consumers whose relationship with an institution is longer-lasting and more intimate.

For instance, if you have a checking and savings account at Bank A, you’re Bank A’s customer; if you don’t have an account at Bank B but use their conveniently located ATM to withdraw cash from your account at Bank A, from Bank B’s perspective you’re only a consumer. Or, as another example, if you apply for a loan at Bank C and have no pre-existing relationship with them, you’re still only considered a consumer; you become a customer only if the loan is approved and you receive the money.

Copyright © 2020 IDG Communications, Inc.
