GLBA Best Risk Assessment Program

by | Jun 8, 2023 | INSI, INSI Articles, Risk Assessment

Do you need a GLBA best risk assessment?

What is a Gramm-Leach-Bliley Act (GLBA) Risk Assessment? The bill aims to protect clients’ private information by requiring insurance companies, commercial banks, and investment banks to explain how they share and protect their customers’ confidential information.

GLBA Requirements

There are three requirements to meet the GLBA guidelines:

  • Financial Privacy Rule – Regulates collection/disclosure of private financial information.
  • Safeguards Rule – Requires the covered entity to implement security programs for protected data. It includes both physical and technical safeguards. It also requires Secure Service Providers (your vendors) to be compliant.
  • Pretexting Provisions – Prohibit the practice of pretexting (accessing private information using false pretenses).

GLBA requires financial institutions to provide clients with written privacy notices that explain their internal information-sharing practices.

Secure Service Providers Risk Assessment

Secure Service Providers comprise any company that stores, transmits, or has access to protected data on behalf of the covered entity. Unfortunately, many Secure Service Providers take this requirement loosely, and some won’t even acknowledge they are a Secure Service Provider. However, it is easy to discern: if they can see it, store it, or transmit it, then they are a Secure Service Provider. This mandate even extends to their business partners or vendors.

An excellent example of this is a call center collections company. The information they must collect includes name, phone number, address, and amount owed. That is four forms of protected data. If the company uses a third party for hosting services and backups, then the third party is considered a Secure Service Provider. Therefore, you need to verify that they, as well as their business partners, are GLBA compliant. Secure Service Providers include anyone who stores, transmits, or has access to your data at each layer.

GLBA best risk assessment in your future? Call INSI

Do you need a GLBA risk assessment performed? As part of our Managed Security Services, INSI has partnered with Cybriant, which conducts the GLBA risk assessments and works with INSI engineers to address the vulnerabilities. It is a complete turnkey GLBA solution.

About the Author

Deborah Frazier is the author of IT Outsourcing Secrets – A Small Business Guide to Compare IT Support Companies. With nearly 20 years of experience consulting small and medium-sized businesses on their IT support needs, she brings a wealth of knowledge to INSI as Head of Marketing and Sales.
