Who is required to comply?
All banks, credit reporting agencies, securities companies, tax preparation companies, real estate settlement service companies, realtors, debt collectors, insurance companies and those doing business with said companies.
What is it?
The Gramm-Leach-Bliley Act, or commonly referred to as the GLBA, signed in November 1999 and put into full effect in July 2001. The Act governs how customer’s financial information is collected and disclosed and demands financial institutions to implement and maintain safeguards to protect information and prevent corruption, fraud and leakage.
What are the requirements?
The Gramm-Leach-Bliley Act mandates that the confidentiality and security of customer information is enforced through securing the information, such as email correspondence, and limiting its access. Places of storage for this information must be protected with secure access controls. Email retention periods parallel that of the SEC 17a-4 regulation which requires retention of six years in an easily accessible space, secure from erasure and rewriting.
What is the cost of non-compliance?
Heavy fines, up to five years of imprisonment and loss of personal and corporate reputation.
What is the significance of Gramm-Leach-Bliley compliance?
The significance behind the Gramm-Leach-Bliley Act is to enhance protection of non-public personal financial information and ensure its safety through proper record keeping, supervisory review and access.
Financial institutions defined
The GLBA defines "financial institutions" as: "…companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance." The Federal Trade Commission (FTC) has jurisdiction over financial institutions similar to, and including, these:
non-bank mortgage lenders,
real estate appraisers,
some financial or investment advisers,
tax return preparers,
real estate settlement service providers.
These companies must also be considered significantly engaged in the financial service or production that defines them as a "financial institution”.
Above information is a summary only and is intended as an overview to the GLBA. All information found in the (Summary) is true to the best understanding of Wire & Web LLC. Please find additional and full information at: http://www.ftc.gov/privacy/glbact/glbsub1.htm