Do I Need to Worry About GLBA?
When was the last time you actually worried about the Gramm-Leach-Bliley Act in your business? You might not even know what it is. After all, the name alone is quite a mouthful. So what is the GLBA and why should it matter to you?
Simply put, GLBA is a law that requires “financial institutions” that collect personal information from their customers to ensure the security and confidentiality of that information. This includes names, addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Federal Trade Commission (FTC) has been tasked with enforcing the law and has issued Safeguard Rules that spell out the steps a business must follow to ensure compliance.
Who must comply? The definition of “financial institution” is fairly broad in GLBA and includes many businesses that may not normally describe themselves that way. In fact, the Rule applies to any business, regardless of size, that is “significantly engaged” in providing financial products or services. This includes, for example, check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property and real estate appraisers, professional tax preparers, insurance companies, ATM operators, courier services, and even car dealers who have financing departments.
The goal of GLBA is to maintain the security, confidentiality and integrity of customer information through the use of administrative, technical and physical safeguards. The law is also designed to prevent unauthorized disclosure, misuse, alteration or destruction of information.
All of these are good things for consumers and, frankly, make good business sense. You spend years building trust with your customers, and a serious loss of sensitive data can do serious damage to the legacy of your brand.
Failure to comply with GLBA also carries severe penalties: imprisonment for up to 5 years, steep fines or both. A financial institution can be fined up to $100,000 for each violation; officers and directors can be fined up to $10,000 for each violation.
Still not sure if your business should worry about GLBA? Blough Tech has more than twenty years’ experience helping small businesses determine their risk and then designing systems to ensure compliance. Just click below for a free review of your business. And then, stop worrying.