Many companies collect personal information from their customers, including names, addresses, and telephone numbers; loan company and credit card account numbers; credit and income histories; and Social Security numbers. The Gramm-Leach-Bliley (GLB) Act requires companies described under the law as “financial institutions” to guarantee the security and confidentiality of this type of information.
As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) released the Safeguards Rule, which requires financial institutions under FTC jurisdiction to have procedures in place to keep customer information secure. But safeguarding customer information isn’t just a matter of regulation. It also makes good business sense. When you show customers you value the security of their personal information, you increase their confidence in your business. The definition of “financial institution” includes many businesses that might not normally describe themselves that way.
In fact, the Rule applies to all businesses, regardless of size, that are “significantly engaged” in providing financial loans or services. This includes, for example, check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, and courier services. The Safeguards Rule also pertains to companies like credit scoring companies and ATM operators that obtain information about the customers of other financial institutions. In addition to developing their own safeguards, companies covered by the Rule are accountable for taking steps to ensure that their affiliate marketers and providers safeguard customer information in their care.
For more information on whether the Safeguards Rule applies to your company, consult section 313.3(k) of the GLB Privacy Rule and the Financial Activities Regulations.
The Safeguards Rule requires companies to develop a written information security plan that describes their program to safeguard customer information. The plan must be appropriate to the company’s size and complexity, the range and nature of its activities, and the sensitivity of the customer information it manages. ‘s business or operations, or the full-total results of security testing and monitoring. The requirements are designed to be flexible. Companies should implement safeguards appropriate to their own circumstances.
Employee Management and Training. The success of your information security plan depends largely on the employees who implement it.
Checking references or doing background checks before hiring employees who will have access to customer information. Asking every new employee to sign an agreement to follow your company’s confidentiality and security requirements for managing customer information. Limiting access to customer information to employees who have a business reason to see it.
For example, give employees who respond to customer inquiries access to customer files, but only to the extent they need it to do their jobs. Controlling access to sensitive information by requiring employees to use “strong” passwords that must be changed on a regular basis. Using password-activated screen savers to lock employee computers after a period of inactivity. Developing guidelines for the appropriate use and protection of laptops, PDAs, cell phones, or other mobile devices. For example, make sure employees store these devices in a secure place when not in use.
Also, consider that customer information in encrypted files will be better protected in case of theft of such a device. Reporting suspicious attempts to acquire customer information to designated personnel. Make sure that storage areas are protected against damage or destruction from physical hazards, like fire or floods. Store records in an area or cabinet that is locked when unattended. When customer information is stored on a server or other computer, ensure that the computer is accessible only with a “strong” password and that it is kept in a physically secure area. Where possible, avoid storing sensitive customer data on a computer with an Internet connection. Maintain secure backup records and keep archived data secure by keeping it offline and in a physically secure area.
Maintain a careful inventory of your company’s computer systems and any other equipment on which customer information may be stored. When you transmit credit card information or other sensitive financial data, use a Secure Sockets Layer (SSL) or other secure connection, so that the information is protected in transit. If you collect information online directly from customers, make secure transmission automatic.