Many companies collect personal information from their customers, including names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Gramm-Leach-Bliley (GLB) Act requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of this type of information. The definition of “financial institution” under the Act is broad, and includes many businesses that may not normally describe themselves that way.
As part of its implementation of the GLB Act, the FTC issued the Safeguards Rule , which requires financial institutions to have measures in place to keep customer information secure.
You'll find advice about how to protect sensitive information in your care in the FTC brochure Protecting Personal Information: A Guide for Business.
Who must comply with the Safeguards Rule?
The Safeguards Rule applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services. These include, for example, check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, real estate appraisers, and professional tax preparers. The Safeguards Rule also applies to companies like credit reporting agencies and ATM operators that receive information about the customers of other financial institutions.
How do companies comply with the Safeguards Rule?
The Safeguards Rule requires each financial institution to develop a written information security plan to protect customer information. The plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles.
For more detailed information about the Safeguards Rule please click here.
Hot Links
Use Our Materials In Your Community
The President's Identity Theft Task Force
2006 Identity Theft Survey Report
Test Your Knowledge about Identity Theft – Take the OnGuard Online Quiz
Key Publications
Taking Charge: What To Do if Your Identity is Stolen (PDF 1MB)
Safeguarding Your Child's Future (PDF 1MB)
To Buy or Not To Buy: Identity Theft Spawns New Products and Services To Help Minimize Risk (PDF 229KB)How To Plan and Host Protect Your Identity Days Kit (PDF 6MB)
Information Compromise and the Risk of Identity Theft: Guidance for Your Business
(PDF 152KB)
Protecting Personal Information: A Guide for Business (PDF 3.47MB)