As a business owner, complying with regulations is imperative for your business’ success. On May 10th, I attended an informative FTC webinar hosted by AUGMENTT. The webinar focused on the Gramm-Leach-Bliley Act, which requires organizations to safeguard customer data. With the deadline to comply being June 9, 2023, it is important for companies to understand the regulations and take the necessary steps to ensure they are completely compliant.
If you see your financial institution listed below, continue to read specifics on the updated regulation.
What is the GLBA Act?
This Act requires all financial institutions and businesses that offer consumer financial services or products, such as loans, insurance, and investment advice, to explain their information-sharing practices to their consumers and to protect sensitive information (FTC).
What are the specifics?
The Act calls for all organizations under this regulation to provide notices and to comply with certain limitations on disclosure of nonpublic personal information. Therefore, a financial institution must provide a notice of its privacy policies and practices with respect to both affiliated and non-affiliated third parties and allow the consumer to opt out of the disclosure of the consumer’s nonpublic personal information to a nonaffiliated third party if the disclosure is outside of the exceptions.
So, what does this mean? Financial institutions must inform their customers about their privacy policies and how they use and share personal information. Customers have the right to opt out of sharing their personal information with non-affiliated third parties, except in certain cases outlined by the law. These requirements aim to protect customer privacy and promote transparency in how personal information is handled by financial institutions.
What data falls under these regulations?
What should I do before the June 9 deadline?
- Designate a qualified individual to communicate the company’s risk posture, activity status, and outcomes from the executive to the operational level.
- Conduct a cybersecurity risk assessment.
- Design and implement safeguards for your data, such as encryption, application evaluations, etc.
- Provide cybersecurity awareness training for employees.
- Have an incident response plan.
- Report to the Board of Directors: report the results of the cybersecurity risk assessment, review safeguards, and monitor testing results.
What is the cost of being non-compliant?
Penalties for organizations that do not comply with these regulations can include:
- Up to $100,000 in fines per violation
- Up to $10,000 in fines per person (CEOs, owners, board members)
- Temporary or permanent loss of business license
- A 5-year prison sentence
Financial institutions are legally required to provide customers with details about their privacy policies and how they handle personal information. Infiniwiz, as an MSP, can assist financial institutions in complying with these regulations by implementing effective privacy policies and procedures, ensuring that customer data is handled securely, and providing guidance on how to communicate privacy policies to customers. By working with Infiniwiz, financial institutions can build trust with their customers and demonstrate their commitment to protecting customer privacy.