Agreements: Confidentiality, Non-Disclosure, and Authorized Use
Financial institutions should protect the confidentiality of information about their customers and organization. A breach in confidentiality could disclose competitive information, increase fraud risk, damage the institution's reputation, violate customer privacy and associated rights, and violate regulatory requirements. Under the GLBA, a financial institution shall design its information security program to ensure the confidentiality of customer information. Confidentiality agreements put all parties on notice that the financial institution owns its information, expects strict confidentiality, and prohibits information sharing outside of that required for legitimate business needs. Management should obtain signed confidentiality agreements before granting new employees and contractors access to information technology systems.
Authorized-use agreements are discussed in the "Access Rights Administration" section of this booklet.