CFPB Readiness Series: GLBA and Regulation P

by KirkpatrickPrice / August 21st, 2013

The purpose of this webinar is to assist you in understanding the updates that have been made to the GLBA’s Regulation P and the importance of establishing a privacy policy and a written information security program for your organization. Hear our speaker, Joseph Kirkpatrick, President of KirkpatrickPrice, dive into the intricacies of this specific regulation and demonstrate why privacy policies are essential to achieving and maintaining your organization’s compliance objectives.

What is the GLBA and Regulation P?

Established in 1999, the GLBA is the Gramm-Leach-Bliley Act, which regulates the ways in which financial institutions use the private information of individuals and mandates protection of PHI. Regulation P, according to the Federal Reserve, “governs the treatment of nonpublic personal information about consumers by financial institutions.” Examples of such nonpublic personal information include social security numbers, credit card numbers, and account numbers. The privacy requirements set out in the updated Regulation P are:

  • Notifying clients about privacy policies and consumer rights
  • Providing an initial privacy notice upon establishing a relationship with a customer
  • Distributing an annual privacy notice to consumers
  • Establishing the type of information to be included in notices
  • Making consumers aware of opt-out methods via opt-out notices
  • Sending revised privacy policy notices
  • Determining limits on disclosure to nonaffiliated third parties, redisclosure and reuse of information, and sharing account numbers for use in marketing purposes
  • Creating an exception to opt-out requirements for service providers and joint marketing personnel, as well as for processing and servicing transactions

How Can I Make an Effective Written Information Security Program?

Establishing a written information security program is key to safeguarding your consumers’ nonpublic personal information and ensuring that it is kept private and secure. Your program should have the following characteristics:

  • Approved and overseen by the Board of Directors
  • Properly trained employees
  • Designated employee(s) to coordinate safeguards
  • Identified and assessed risks to customer information
  • Implemented controls to safeguard and monitor risks
  • Overseen service providers
  • Evaluated every year, with needed adjustments made to the controls

To learn more about CFPB compliance, contact us today.