If you are interested in cyber security, it is very important to study the laws related to that field, especially the laws that govern information sharing, such as the sharing of personal information that may be required in order to receive a service, for example a credit report, medical record, school record, background check, address, etc.
When a person shares private information to receive a service, this information may be very sensitive and must remain confidential, because if some of it spreads it may pose a huge risk for that person. For example, someone may not be able to get a job if his or her medical record shows that he or she is sick. Or if someone's financial record indicates that he or she has a lot of money, that may put their life at risk because someone may try to rob them. Sharing a social security number may allow others to steal someone's identity and cause a lot of trouble for him or her.
In this paper we will focus on the Gramm-Leach-Bliley Act (GLBA). We will explain the purpose, scope, and key requirements of GLBA.
The Gramm-Leach-Bliley Act (GLBA) is a federal law, also known as the Financial Modernization Act of 1999, in the United States. It applies to financial institutions and companies that provide financial products or services, defines the procedures for sharing information, and protects sensitive information.
The GLBA has three main parts:
– The financial privacy rules: how private financial information is collected and disclosed.
– The safeguard rules: the security methods that a financial service provider organization implements to protect private information.
– The pretexting provisions: to prevent access to private information by providing a code through text as an advanced level of security.
The GLBA also requires financial institutions to give their customers a written privacy notice explaining their information sharing practices.
Learning the purpose of the Gramm-Leach-Bliley Act (GLBA), its scope, and how it can be used to protect consumers.
Objectives and Aims
How to protect the privacy of consumers' information using the Gramm-Leach-Bliley Act (GLBA).
The GLB Information Law
The Gramm-Leach-Bliley Act (GLBA) is a federal law that allows financial institutions the freedom to offer a full range of services and stability to their customers. It requires financial institutions to disclose the way they protect and share their customers' private information.
The GLBA was signed into law in 1999 by President Clinton. It repeals the Glass-Steagall Act of 1933 and the Bank Holding Company Act of 1956, which prohibited banks from providing securities trading or insurance services.
After the GLBA, a new type of corporation that combines banking, insurance, securities trading and other financial services in one place came into existence. The GLBA authorized the states and 8 federal agencies to monitor all collectors and holders of personal financial information, and to monitor and enforce the security and privacy of private information related to any financial products or services, including brokers, debt collectors, credit counselors, financial advisors, small lenders, and tax-return preparers.
The GLBA also allows consumers, in some cases, a level of control by choosing not to share their information, or by choosing not to provide some optional information. They can also decline some services, opt out of marketing lists, or refuse any additional services that may be offered by a financial institution they are dealing with.
The Purpose of the GLBA: The GLBA's main purpose is to protect consumers' private information. It also allows the states and federal agencies to ensure that financial institutions have policies and procedures in place to prevent unauthorized disclosure of or access to customers' information.
The GLBA Scope:
The scope of the GLBA is to ensure that financial institutions comply with the Act and meet its requirements for the security and confidentiality of consumer data. It also protects consumers' information against any threats or hazards to its security or integrity, and protects against unauthorized access that may result in harm or inconvenience to the customer.
The GLBA Key requirements:
– Protect customers' private information, such as personal information: name, phone, address, loan details, credit limit, tax return.
– Applies to those who provide financial services or products, such as loans, debit or credit cards, bank accounts, wire transfers.
– Protect data and information: maintain protection for private information, for example through encryption, pretext confirmation, username and password, or an access code.
Identifying the organizations in the Privacy and Institutional Security media slideshow:
The slideshow shared a few incidents in which some well-known organizations had security breaches that can damage their reputation and may also destroy people's lives. The companies listed in the slideshow are:
– LinkedIn: hackers stole 6.4 million passwords from its database.
– A VA analyst lost a laptop and an external hard drive containing 26.5 million unencrypted records.
– RSA: an advanced persistent threat stole information related to its SecurID technology.
– TJX: hackers stole 46.5 million credit and debit card numbers.
The fact that these organizations had a security breach shows that they did not have strong enough protection, which is what led to the breach. The GLBA requires organizations to keep their customers' information secure and to continue to provide and improve their customers' privacy.
The first thing these organizations must do is inform their customers about the incident and what they can do to prevent the same type of breach. They may be required to offer free services to protect their customers from the consequences of what happened.
For example, TJX can offer its customers a free credit monitoring service.
The Safeguard Rules:
The Safeguard rules require each financial institution to implement a written information security program that includes:
– Designating an employee to coordinate the program
– Identifying the risks to customers' information in each part of the operations
– Designing and implementing a safeguard plan
– Evaluating and updating the safeguards when necessary by applying random testing
– Informing customers in case of any security breach
GLBA Safeguard Scenario:
One of the most common scenarios is when you apply for a credit card. As a customer, the bank must share with you its security policies and the fraud protection law: if someone uses your card online without your permission, you are not responsible for that amount, and the bank is required to replace the card and issue a new one to ensure security. Also, when you fill out the application, the bank must let you know who will have access to your information and share its security rules with you. If the bank detects any breach, it must let you know.
If you have a bank account and your bank offers online access, the Safeguard rules apply to the online banking service. Your bank is required to ask customers to sign up and provide login information (username and password), in addition to other information to verify the customer's identity. The customer is required to provide some personal information online, and the bank is required to provide a secure environment that protects the customer's information and a safe connection at any time from anywhere. The customer will have access to manage their accounts online and use different services such as check deposit, bill payment, transfers, balance checks, or applying for new services. The bank is required to provide security and to share its policy on how customer information will be treated.
The Federal Trade Commission (FTC)
The Federal Trade Commission (FTC) is an independent US federal law enforcement agency that monitors financial institutions offering loans, credit cards, or any other financial services. It released a privacy and data security update (2015). This update prohibits unfair practices in the marketplace and covers areas such as online privacy protection, the lending act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act.
The Relationship Between GLBA and FTC:
The FTC has issued rules and guidelines that implement the GLBA security rules. All organizations or service providers covered by the FTC are required to comply with the GLBA security and safeguard rules to protect their customers' privacy, for example brokers, tax preparers, dealers, debt collectors, and schools.
Payment Card Industry (PCI):
The Payment Card Industry (PCI) is a global organization that develops and enhances the understanding of security standards for payment account security. It is also called the Security Standards Council. The Council's founding members, American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., have agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance programs.
The (PCI) Data Security Standard (DSS) Relation with GLBA:
The DSS is the set of security rules made by the PCI global organization to increase the security of credit cards and reduce fraud for card holders around the world, including the US.
The GLBA is a US law that manages and controls customer privacy and security. This law is required of all financial institutions in the US.
We can say that the DSS rules were made to protect credit card holders around the globe, and the GLBA was made to protect financial services customers in the US. They have different rules but share the same goals.