February 11, 2022
Everything You Need to Know About GLBA
As all financial institutions know, it is vital that all of the personally identifiable information in your care remains private and secure at all times. With identity theft and fraud rates continuously rising year after year, the United States government has worked to enact various legislation to help counteract these crimes. One such piece of legislation is the Gramm-Leach-Bliley Act. To help you better understand the act and its role in fighting identity theft, we have broken down everything you need to know.
What is the Gramm-Leach-Bliley Act (GLBA)?
The Gramm-Leach-Bliley Act of 1999, or GLBA, was created to protect consumers and to hold financial institutions accountable for data breaches and leaks. The GLBA’s Privacy of Consumer Financial Information Rule requires that companies offering consumers financial products or services, such as loans, financial or investment advice, or insurance, explain their information-sharing practices to their customers. The rule also gives consumers the right to opt out of the institution’s sharing of their information with third parties.
Additionally, the Safeguards Rule of the GLBA requires that the institution protect the consumer information it collects. This includes creating a written data security plan that lays out “the administrative, technical, or physical safeguards you use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information.” These safeguards include secure document disposal for physical documents, such as paper shredding, and encryption software and firewalls for digital files. Financial institutions can be fined up to $100,000 per violation of GLBA, while directors, CEOs, and other high-ranking employees can face penalties of up to $10,000 per violation.
What does GLBA protect?
Confidential data comes in many different forms across various industries. For instance, a bank, a car dealership, and a mortgage company may all collect and house the same basic customer information along with data specific to their field. Because of this, the general rule under GLBA is that any and all financial information supplied by a customer to a company that handles financial products falls under the protection of the act.
Who must comply with GLBA?
As mentioned previously, the Gramm-Leach-Bliley Act applies to any organization that offers financial products or services to customers. This includes obvious organizations such as banks and credit unions, as well as debt collectors and those in the real estate and mortgage industries. Other businesses, such as credit card companies and car dealerships, must also adhere to GLBA requirements. However, GLBA also reaches beyond financial institutions themselves by requiring that the institution’s partners and service providers actively participate in data security practices covering all customer information in their care.
What is the best way to ensure compliance?
When it comes to protecting personally identifiable information in your care, there is no such thing as being too careful. From encrypting digital files to secure handling by employees, there are many different factors to consider. Here are a few of the most important steps to making sure that your company remains compliant with all of the Gramm-Leach-Bliley Act requirements.
Train Staff on GLBA
It is vital that every institution handling customers’ confidential information ensures that all of its employees are familiar with GLBA, as well as with their own roles and responsibilities in remaining compliant. Companies should provide proper training both during the onboarding process and throughout the employee’s tenure. This training should cover information security protocols both in the workplace and at home, how to keep digital and physical files safe from unauthorized eyes, and secure document disposal procedures.
A company should also ensure that all of its document security bins are placed in strategic locations that are easy for staff to access, making it more likely that they will be used. You should also put measures in place to monitor document disposal practices, both to confirm that everyone in the workplace is following the recommended security procedures and to identify potential issues and areas for improvement.
Maintain a Records Retention Schedule
Just as it is important to ensure that everyone knows how and where to dispose of unneeded confidential information, it is equally as important to determine when to dispose of the information. In many cases, though a document is no longer in use, your institution may be required by law to keep the information for a predetermined period of time. This is why organizations must take the time to create and maintain a records retention schedule.
This document serves as a guide to the different types of documentation collected by the company, who owns the information, what the legal requirements are for holding on to it, and when each form of documentation should be disposed of. With a records retention schedule, financial institutions and other organizations can create a clear and consistent plan for what private data should be disposed of and when, reduce the risks associated with document disposal, and track when each item was destroyed.
Ensure a Secure Disposal Process
Today, the vast majority of your business’s data is likely stored electronically as well as physically. Because files in these different formats must be disposed of in different ways, you should take the time to think through your procedures for a secure document disposal process. Files containing confidential data cannot simply be tossed into the trash, no matter the medium they are stored on.
Paper files should be shredded by a professional financial record shredding company to guarantee that all local, state, and federal rules and regulations are followed in addition to GLBA. A mobile shredding service can take your paper documents and reduce them to hundreds of tiny particles, making them nearly impossible to reassemble. The pieces are then taken to a secure local recycling facility to be reused in new products, which guarantees that the information on the paper can never be recovered.
Similarly, hard drives should be shredded to ensure that all data fragments are irretrievable. This process can also be performed by a mobile shredding company so that all of your private information is destroyed before it ever leaves your location. Organizations that need large quantities of information destroyed may benefit from hiring an ongoing shredding service so that you never have to worry about scheduling services or letting files pile up, which can create serious security risks.
Protect Financial Information and Ensure Compliance with PROSHRED®
If you are in need of a mobile document shredding service in your area, don’t hesitate to contact PROSHRED® today! Our team of experienced shredding professionals will work with you to craft a document, hard drive, or product disposal plan that suits your business’s unique needs. All of our team members are subject to rigorous hiring and training procedures, so you can rest assured that your data is in good hands at all times. Don’t take chances when it comes to your GLBA compliance. Call PROSHRED® Tampa for more information and a free quote now!