The Gramm-Leach-Bliley Act (GLBA) data protection
requirements mandate that financial institutions protect the security
and confidentiality of customers' non-public personal information
and institute appropriate administrative, technical, and physical
safeguards to accomplish this requirement. GLBA also requires covered
institutions to protect against any anticipated threats or hazards
to the security or integrity of customer records, and to protect
against unauthorized access to or use of records or information
that could result in substantial harm or inconvenience to any customer.

Many institutions that are not commonly thought
of as financial in nature are covered by GLBA requirements, such
as insurance companies, tax preparers, colleges and universities,
financial planners, and others.

In defining and implementing an information security
program, covered institutions must develop a risk-based information
security program that includes involvement of the board and senior
management, a risk assessment of threats and vulnerabilities, effective
risk management and controls, training, testing, vendor oversight,
monitoring and adjusting, and board reporting.