Gramm-Leach-Bliley Act

Also known as the Financial Modernization Act of 1999, the Gramm-Leach-Bliley Act (GLBA) repeals parts of the Glass-Steagall Act of 1933. The Glass-Steagall Act prohibited banks from offering investment, commercial banking, and insurance services under a single umbrella; GLBA deregulates that split between commercial and investment banking. GLBA also contains compliance provisions, in Sections 501 and 521, that protect the financial information held by the industry on behalf of consumers. GLBA generally applies to financial institutions and to any organization “significantly engaged” in financial activities. Examples include banks, securities firms, and firms dealing with mortgages, insurance, tax preparation, debt collection, and much more. The FTC maintains and enforces GLBA.

To protect personally identifiable information, GLBA divides privacy requirements into three principal parts:

  • Financial Privacy Rule—The Financial Privacy Rule governs the collection and disclosure of customers’ personal financial information.

  • Safeguards Rule—The Safeguards Rule requires financial institutions to develop, implement, and maintain policies that describe how they will protect customer information.

  • Pretexting provisions—The pretexting provisions protect consumers from individuals and organizations that obtain personal financial information under false pretenses.

The Financial Privacy Rule requires financial institutions to provide notices to their customers. The notices explain the institution’s privacy policies, specifically its information collection and sharing practices. Consumers are also given control to limit the sharing of their information or to opt out. If the financial institution changes its policy, it must provide another notice to the consumer.

The Safeguards Rule requires financial institutions to develop an information security policy that reflects the nature and sensitivity of the information they handle. The plan must include, and the company must comply with, the following:

  • Designate at least one employee to coordinate an information security program.

  • Assess the risks to customer information within each pertinent area of the company’s operation. Evaluate the effectiveness of the current safeguards and risk controls.

  • Implement a safeguard program. Regularly monitor and test it.

  • Choose service providers that can maintain appropriate safeguards, and govern their handling of customer information.

  • Evaluate and adjust the security program given events and changes in the firm’s operations.

Most organizations will likely protect against pretexting as part of their information security program. The best defense against pretexting is not technical, but rather awareness and training for both employees and customers. The pretexting provision makes it illegal to do the following:

  • Make a false, fictitious, or fraudulent statement or representation to obtain customer information from the financial institution or its customers.

  • Use forged, counterfeit, lost, or stolen documents to obtain customer information from the financial institution or its customers.
