Who must comply with GLBA?
All businesses, regardless of size, that are “significantly engaged” in providing financial products or services must comply. This includes check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, and courier services. The Safeguards Rule also applies to companies like credit reporting agencies and ATM operators that receive information about the customers of other financial institutions.
There are many rules for ensuring compliance, including:
- Developing a written information security plan that describes the process by which customer information is safeguarded.
- Identifying and assessing the risks to customer information in each area of a company’s operation, and evaluating the effectiveness of the current safeguards for controlling these risks.
- Designing and implementing a safeguards program that is regularly monitored and tested.
- Selecting service providers that can maintain appropriate safeguards, and making sure your contract with them requires them to maintain the safeguards they have in place.
- Evaluating and adjusting the program based on relevant circumstances, including changes to your firm’s business or operations, or the results of security testing and monitoring.
ATIBA professionals can help you establish the safeguards necessary to protect the private information of your customers. We will develop a comprehensive and structured information security plan, and assist as needed with ongoing adjustments and testing.