The Gramm Leach Bliley Act (GLBA) was enacted in 1999 to provide a regulatory framework for overseeing the privacy and data security practices of diverse financial institutions. This includes requirements for institutions to inform customers about privacy practices, implement security safeguards for customer information, and adhere to standards set by the Commission and other federal agencies. The Safeguards Rule, promulgated in 2002, outlines the current requirements for financial institutions to develop and maintain a comprehensive information security program. This program must written, tailored to the institution’s size, activities, and the sensitivity of customer information, encompassing risk assessment, safeguards design, testing, and regular program evaluation. Additionally, financial institutions are mandated to appoint an employee or employees to coordinate the information security program and select service providers capable of maintaining appropriate safeguards for customer information.
The Commission issued final amendments to the Safeguards Rule on December 9, 2021 and certain provisions of the Rule took in effect last June 9, 2023. The Final Rule introduces detailed criteria for risk assessments, specific safeguard requirements, and improved accountability.
The Federal Trade Commission (FTC) has updated the definition of “financial institution” in the Safeguards Rule to include entities engaging in activities incidental to financial activities, as defined by the Bank Holding Company Act. This means that “finders,” businesses that connect buyers and sellers, are now covered under the Rule, but only if they engage in finding services for consumer transactions and have an ongoing relationship with the consumers involved. Federal regulations referenced in the rule further broaden this definition to encompass various financial and investment advisory services, including tax planning and preparation assistance for individuals, families, and households.
At HPSi, we take cybersecurity and compliance seriously. Our seasoned experts will guide you through the intricacies of the FTC Safeguards Rule, helping you tailor a written information security program that aligns with your business objectives. As a leading IT systems integrator and managed services provider in Hawaii, we are dedicated to safeguarding your digital landscape. With a focus on secure and compliance solutions, we ensure your business remains resilient in the face of evolving threats.
We know that you are getting a lot of cold calls trying to sell you something that you are not sure about. Even worse, it can be very humbug, like someone’s trying to exploit your fears. We’ve heard from many clients feeling confused and frustrated by these tactics.
If you feel lost and wondering, “Where do I start?”, check out our YouTube series where we discuss the different elements of developing a reasonable written information security program (WISP).
Contact us and get a quick idea of how you may benefit from performance-driven technology systems.
