Best Practices For Gramm-Leach-Bliley Compliance Re: Data Security and Customer Privacy
Sunday, March 9, 2014
swap o rama sign
Print Mail Download i

The U.S. Commodity Futures Trading Commission (Commission) issued a Staff Advisory on best practices for financial institutions that must comply with Gramm-Leach-Bliley Act (GLBA) provisions on data security and customer privacy.

CTFC Commodity Futures Trading CommissionGLBA was enacted to ensure that financial institutions respect the privacy of their customers and protect the security and confidentiality of nonpublic personal information.  Specifically, under the Commission’s regulations, futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, swap dealers, and major swap participants (covered entities) “must adopt polices and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.”  Those policies and procedures must:

  1. Insure the security and confidentiality of customer records and information;
  2. Protect against any anticipated threats or hazards to the security or integrity of such records; and
  3. Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

The recommended best practices include:

  • Designating a specific employee with privacy and security management oversight responsibilities;
  • Identifying, in writing, all reasonably foreseeable internal and external risks to security, confidentiality, and integrity of personal information and systems processing personal information;
  • Designing and implement safeguards, in writing, to control the identified risks;
  • Training staff to implement the program;
  • Regularly testing and monitoring the safeguards;
  • Implementing third party service provider agreements which specify that the third party is maintaining appropriate safeguards;
  • Regularly evaluating and adjusting the program; and
  • Designing and implementing policies and procedures to respond to incidents involving unauthorized access, disclosure, or use of personal information.

The best practices should look familiar to those who are familiar with the various state laws which require companies to implement written information security programs, as well as entities which are required to comply with HIPAA’s requirements.  Ultimately, every entity who maintains personal information, whether that of customers, clients, patients, or employees, should consider implementing a program to safeguard such information. 

Jackson Lewis P.C. © 2024

Current Legal Analysis

More from Jackson Lewis P.C.

Pregnant Workers Fairness Act Final Regulations Released
by: Joseph J. Lynett , Katharine C. Weber
USCIS Issues Employment Authorization Procedures for Palestinians on Deferred Enforced Departure
by: Forrest G. Read IV
OSHA Proposes Expansion of Workplace Protections for Emergency Responders
by: Courtney M. Malveaux , Melanie L. Paul
Ninth Circuit Holds Warehouse Worker Qualifies as Transportation Worker Under FAA Exemption
by: Scott P. Jang
MSHA Issues Long Awaited Final Silica Rule
by: Karl F. Kumli
Labor Commissioner’s FAQ on Fast Food Minimum Wage
by: Laura A. Pierson-Scheinberg , Benjamin A. Tulis
New Study Shows Gen Z LGBTQIA+ Students, Graduates Value, Seek Out Inclusive Workplaces
by: Teresa Burke Wright
DHS Extends, Redesignates Temporary Protected Status for Ethiopia
by: Forrest G. Read IV
Privacy Versus Cyber – What is the Bigger Risk?
by: Joseph J. Lazzarotti
Top Five Labor Law Developments for March 2024
by: Jonathan J. Spitz , Richard F. Vitarelli

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins