When it comes to sensitive financial data, the small details of storage and destruction can have some of the biggest impacts on your business. If your company holds, transmits, stores, collects or otherwise processes sensitive financial data, you may be subject to laws and regulatory statutes designed to protect the confidentiality and financial security of your customers. Like many government regulations, GLBA has a myriad of provisions that require strict compliance. Here we break down just what GLBA compliance means and discuss real world solutions for helping you focus less on the law and more on serving your customer’s needs.
Just what is GLBA
The Gramm Leach Bliley Act (GLBA), also known as the Financial Services Modernization Act, is a law passed by congress that requires “financial institutions” to protect their customer’s sensitive data and sets out methods by which these institutions must communicate their data protection policies to customers. While the various provisions of the act can be onerous, at its core the GLBA protects consumers by requiring that their sensitive financial information be protected both during storage and disposal.
How to tell if GLBA Affects Your Business
The privacy provisions of GLBA apply to business, whether large or small, that are “significantly engaged” in providing financial products or services. Banks and broker/dealers obviously fall into this category but other, less obvious, lines of business such as credit reporting agencies, ATM operators, professional tax preparers, lenders and check bashing businesses also fall under the provisions of the act. In short, if you deal in, store, review or dispose of sensitive financial data, you may be subject to the rigorous compliance provisions of the act.
The Privacy of Consumer Financial Information Rule and What it Means to You
In addition to proper storage and destruction, the Privacy of Consumer Financial Information Rule in the GLBA (Privacy Rule) requires that companies covered by the act also develop and maintain a comprehensive internal policy regarding how sensitive financial data is handled. These policies are also required to be shared with customers, including how customers may opt out of any data sharing policies.
Best Practices for Financial Data and Destruction
Whether you manage, store or deal in sensitive financial information, your internal data management plan should meet and exceed the requirements of GLBA to avoid penalties, civil liabilities and more. Developing an internal plan should include a primary internal contact such as a records or retention manager, as well as a written plan for destruction of sensitive information. Devices that store this sensitive information and their disposal, is a critical part of any such plan. While determining the minimum requirements under GLBA can take up time and resources, the costs or non-compliance well outweigh the initial investment.
The Costs of Non-Compliance
Everywhere we turn in today’s day and age we see headlines regarding privacy breaches, information hacks and either unintentional or even malicious data leaks. These types of breaches in your customer’s privacy can cause obvious reputational risks to your company. Under the GLBA, individual fines for non-compliance with the various provisions of the statute can also result in fines of up to $1 million per incident. These are in addition to any civil penalties that may be awarded in serious breaches that result in actual harm to your customers such as stolen financial information from improperly disposed of e-waste.
What to Look for in a Data Destruction Partner when it comes to GLBA
First and foremost, when partnering with a data destruction company you should look for a robust knowledge of all provisions of GLBA, as well as any other state or federal regulations that may govern your particular business. This will often take the form of government certifications and a record of ongoing training. Whether the acts are applicable to your business is only the tip of the iceberg when it comes to compliance. Your data partner should also have a wealth of experience and knowledge regarding how others in your line of business have developed the best, most efficient plans for compliance and the capabilities for helping you execute. Before choosing a provider, ask for previous examples of clients in your field they may have worked to provide additional peace of mind.
The Final Word on GLBA and CyberCrunch
At Commonwealth Computer Recycling (CyberCrunch) we have the right combination of knowledge and experience to help with destruction and recycling of your e-waste to ensure your compliance with all federal regulations. Whether financial information falling under GLBA or sensitive medical data governed by HIPAA, CyberCrunch holds numerous government certifications to ensure our company and individual technicians know the best practices for your industry. When using CyberCrunch services you can rest easy knowing we offer:
- Fully GLBA compliant certifications
Cyber liability insurance
Background checked and GLBA trained staff
R2 Certified recycling
At CyberCrunch we aim to go above and beyond in the service and care we provide to our customers. We pride ourselves on our knowledge and professionalism and make it our business to know the ins and outs of GLBA and other federally mandated data privacy and protection laws. In short, we have the expertise needed when it comes to electronic data disposal so that you can focus on the bigger picture of maintaining and growing your financial institution or related business.