CFPB Readiness Series: GLBA and Regulation P
What is the GLBA and Regulation P?
Established in 1999, the GLBA is the Gramm-Leach-Bliley Act, which regulates the ways in which financial institutions use the private information of individuals and mandates protection of nonpublic personal information. Regulation P, according to the Federal Reserve, “governs the treatment of nonpublic personal information about consumers by financial institutions.” Examples of such nonpublic personal information include social security numbers, credit card numbers, and account numbers. The privacy requirements set out in the updated Regulation P are:
- Notifying clients about privacy policies and consumer rights
- Providing an initial privacy notice upon establishing a relationship with a customer
- Distributing an annual privacy notice to consumers
- Establishing the type of information to be included in notices
- Making consumers aware of opt-out methods via opt-out notices
- Determining limits on disclosure to nonaffiliated third parties, redisclosure and reuse of information, and sharing account numbers for use in marketing purposes
- Creating an exception to opt-out requirements for service providers and joint marketing personnel, as well as for processing and servicing transactions
How Can I Make an Effective Written Information Security Program?
To better safeguard your consumers’ nonpublic personal information and ensure that it is kept private and secure, establishing a written information security program is key. Your program should have the following characteristics:
- Approved and overseen by the Board of Directors
- Properly trained employees
- Designated employee(s) to coordinate safeguards
- Identified and assessed risks to customer information
- Implemented controls to safeguard against and monitor those risks
- Overseen service providers
- Evaluated every year, with needed adjustments made to the controls
To learn more about CFPB compliance, contact us today.