3.131 - What precautions should be taken to protect customer information under GLBA?

The Gramm-Leach-Bliley Act requires financial institutions (companies that offer consumers financial products or services like loans, financial or investment advice, or insurance) to explain their information-sharing practices to their customers and to safeguard sensitive data.

The Consumer Privacy Protection Act of 2017 was enacted to ensure the privacy and security of sensitive personal information, to prevent and mitigate identity theft, to provide notice of security breaches involving sensitive personal information, and to enhance law enforcement assistance and other protections against security breaches, fraudulent access, and misuse of personal information.

An offer of employment, an offer of a financial service (including insurance), an extension of credit, and a background check for the grant of a state or federal license are some of the permissible purposes for obtaining and using non-public information with the prior consent of the individual.

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to provide a notice to their customers regarding their privacy policies and the non-sharing of non-public information.

The term ‘public information’ refers to any data that an agency reveals or makes known to the general public, regardless of form or composition; NPI (non-public consumer information), however, is a pivotal but contrasting notion here.

Examples of non-public information include Social Security numbers, bank account information, certain transactions with financial institutions, and personally identifiable financial information.

Under the GLBA, the financial institution must have policies and procedures in place to ensure that the customer's private information is safeguarded from misuse. For example, information must be restricted and kept in locked filing cabinets and password-protected computer systems with restricted access; paper files should be shredded rather than placed in a trash can; and all documents past the specified retention time frame must be shredded by a professional shredding company.