Gramm-Leach-Bliley
Financial Services Modernization Act
How to Comply
The Safeguards Rule requires financial institutions to develop a written information security plan that describes their program to protect customer information. The plan must be appropriate to the financial institution's size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. As part of its plan, each financial institution must:
- Designate one or more employees to coordinate the safeguards;
- Identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate the effectiveness of the current safeguards for controlling these risks;
- Design and implement a safeguards program, and regularly monitor and test it;
- Select appropriate service providers and contract with them to implement safeguards; and
- Evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business arrangements or operations, or the results of testing and monitoring of safeguards.
Information Systems
Information systems include network and software design, and information processing, storage, transmission, retrieval, and disposal. Here are some suggestions on how to maintain security throughout the life cycle of customer information - that is, from data entry to data disposal:
Dispose of customer information in a secure manner. For example:
- Hire or designate a records retention manager to supervise the disposal of records containing nonpublic personal information;
- Shred or recycle customer information recorded on paper and store it in a secure area until a recycling service picks it up;
- Erase all data when disposing of computers, diskettes, magnetic tapes, hard drives or any other electronic media that contain customer information;
- Effectively destroy the hardware; and
- Promptly dispose of outdated customer information.