The Safeguards Rule requires that any institutions covered by the GLBA protect, via administrative, technical, and physical means, the confidentiality, integrity, and security of any nonpublic personal information that institution retains. The United States Code is meant to be an organized, logical compilation of the laws passed by Congress. IN THE HOUSE OF REPRESENTATIVES April 19, 2023 The Congress ratifies the interpretation of the paragraph designated the Seventh of section 5136 of the Revised Statutes of the United States (12 U.S.C. with administrative, technical, and physical safeguards designed to protect customer information. Institutions and servicers also sign the Student Aid Internet Gateway (SAIG) Enrollment Agreement, which states that they will ensure that all Federal Student Aid applicant information is protected from access by, or disclosure to, unauthorized personnel, and that they are aware of and will comply with all of the requirements to protect and secure data obtained from the Department's systems for the purposes of administering the Title IV programs. The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 (15 USC 6801 et seq. The GLBA is also known as the Financial Services Modernization Act of 1999. Under the Dodd-Frank Act, this rulemaking authority transferred to the Bureau of Consumer Financial Protection (except with respect to certain motor vehicle dealers), but the FTC continues to have enforcement authority. 1820a). In Dear CPA Letter CPA-19-01, the Office of Inspector General (OIG) explained the audit procedures for auditors to determine whether institutions were complying with GLBA.
Privacy of Consumer Financial Or, as another example, if you apply for a loan at Bank C and have no pre-existing relationship with them, you're still only considered a consumer; you become a customer only if the loan is approved and you receive the money. Summary of H.R.2714 - 118th Congress (2023-2024): To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner provided in the Banking Act of 1933, the so-called "Glass-Steagall Act", and for other purposes. The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security. 314.4(c)). In cases where no data breaches have occurred and the institution's or servicer's security systems have not been compromised, if the Department determines that an institution or servicer is not in compliance with all of the Safeguards Rule requirements, the institution or servicer will need to develop and/or revise its information security program and provide the Department with a Corrective Action Plan (CAP) with timeframes for coming into compliance with the Safeguards Rule. The Gramm-Leach-Bliley Act (GLBA) is a 1999 law that allowed financial services companies to offer both commercial and investment banking, something that had The Security Guidelines implement section 501(b) of the Gramm-Leach-Bliley Act (GLB Act) and section 216 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). The third major data privacy aspect of the GLBA is the Pretexting Rule. 24, as amended by section 16 of the Banking Act of 1933 and subsequent amendments) and section 21 of the Banking Act of 1933 (12 U.S.C.
Information security safeguards are fundamental to a system of internal controls and essential for preventing disruption to these core objectives as they guard the information systems that collect, maintain, process, and disseminate student information. Section 4 of the Bank Holding Company Act of 1956 (12 U.S.C. The language of the notices may be fairly boilerplate, and indeed the SEC makes model forms available. Institutions violating the law can be fined up to $100,000 for each violation. Gramm 6801 et seq). Element 4: Provides for the institution or servicer to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 C.F.R. (1971)) as to the construction and the purposes of such provisions. 1338. The Security Guidelines establish standards relating to administrative, technical, and physical safeguards to ensure the security, confidentiality, integrity and the ); (3) a covered entity or business associate governed by the privacy, security, and breach notification rules issued The effective date for most of the changes to the Safeguards Rule is June 9, 2023. Copyright 2020 IDG Communications, Inc. by redesignating paragraph (5) as paragraph (3). by striking paragraph (6) and all that follows through the end of such subsection. Subtitle B of title I of the Gramm-Leach-Bliley Act is amended by striking section 114 (12 U.S.C. The Gramm-Leach-Bliley Act of 1999 (GLBA) was a bi-partisan regulation under President Bill Clinton, passed by Congress on November 12, 1999. Gramm 1338, codified in relevant part primarily at 15 U.S.C. Section 4(c)(8) of the Bank Holding Company Act of 1956 (12 U.S.C.
These would take the form of strict requirements about evidence people need to provide to prove they have the right to information they're trying to access, along with staff training to recognize and push back against phishing and other forms of pretexting. The Board of Governors of the Federal Reserve System, after opportunity for hearing, may terminate, at any time, the authority conferred by the preceding subparagraph to continue any affiliation subject to such subparagraph until the end of the period referred to in such subparagraph if the Board determines, having due regard to the purposes of this Act, that such action is necessary to prevent undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices, and is in the public interest. by redesignating clauses (ii), (iv), (vi), (viii), and (ix) as clauses (i), (ii), (iii), (iv), and (v), respectively. As you might expect, data privacy requirements are stricter for customers. Institutions should coordinate with their leadership and appropriate staff to implement the requirements in the Final Rule by June 9. 78c note) is amended. Any GLBA findings identified through a compliance audit, or any other means, after the effective date will be resolved by the Department during the evaluation of the institution's or servicer's information security safeguards required under GLBA as part of the Department's final determination of an institution's administrative capability. Gramm-Leach-Bliley Act, Information Privacy, and The Financial Privacy Rule (generally just shortened to the Privacy Rule) is relatively straightforward. Repeal of provision relating to foreign banks filing as financial holding companies.
The act re-organized financial services regulation in the Section 6801 et seq. 41 note; 12 U.S.C. The regulations at 16 C.F.R. Gramm Section 18 of the Federal Deposit Insurance Act (12 U.S.C. The Gramm-Leach-Bliley Act (GLB Act) of 1999 sought to provide new rules for financial privacy. Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements, (GENERAL-23-09) Pub. Are you up on what the revised Rule requires? The FTC's regulations require that the information security program contains administrative, technical, and physical safeguards that are appropriate to the size and complexity of the institution or servicer, the nature and scope of their activities, and the sensitivity of any student information. (Of course, this isn't always the case; some legislation deals with a fairly narrow range of related concerns.). The Safeguards Rule took effect ABOUT THE GLB ACT The Gramm-Leach-Bliley Act was enacted on November 12, 1999. 6821 et seq.) The U.S. Senate 314.4(d)). This Electronic Announcement provides a summary of the changes to the GLBA requirements resulting from the Final Rule, explains the impacts of the changes on postsecondary institutions, and describes changes to the Department of Education's (Department) enforcement of the GLBA requirements. GLBA consumer vs. customer.
Element 2: Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution or servicer) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 C.F.R. While all elements of the Safeguards Rule are vital to protecting the security of customer information, an institution or servicer may significantly reduce the risk of a security breach, and the resulting harm and inconvenience to its customers, by encrypting customer information while it is in transit outside its systems or stored on its system and by implementing multi-factor authentication for anyone accessing customer information on its systems. 11494, 129 Stat. 1844) is amended by striking subsection (g). Gramm-Leach-Bliley Act is the Gramm-Leach-Bliley Act, or If you have questions regarding any of the GLBA requirements, please contact the FTC at 202-326-2222. Ms. Kaptur (for herself, Ms. Norton, Ms. Omar, Ms. Pingree, Ms. Wild, Ms. Tlaib, Mr. Pocan, and Mrs. Watson Coleman) introduced the following bill; which was referred to the Committee on Financial Services.
Privacy of Consumer Financial Information Rule Under the Gramm-Leach-Bliley Act A Rule by the Federal Trade Commission on 12/09/2021 Guide to the Gramm-Leach-Bliley Act - International Association of The Gramm-Leach-Bliley Act (GLB Act or GLBA) is also known as the Financial Modernization Act of 1999. the purposes of this Act and the Gramm-Leach-Bliley Act, the following activities as, and the extent to which such activities are, financial in nature or incidental to a financial activity: (A) Lending, exchanging, transferring, investing for. The publication provides valuable information such as describing what a reasonable security program should look like and goes over each of the nine required elements in greater detail. The reasoning of the Supreme Court of the United States in the case referred to in paragraph (1) with respect to sections 20 and 32 of the Banking Act of 1933 (as in effect prior to the date of the enactment of the Gramm-Leach-Bliley Act) shall continue to apply to subsection (bb) of section 18 of the Federal Deposit Insurance Act (as added by subsection (a) of this section) except to the extent the scope and application of such subsection as enacted exceed the scope and application of such sections 20 and 32. Sometimes these names say something about the substance of the law (as with the '2002 Winter Olympic Commemorative Coin Act').
24a) is amended to read as follows: In the case of a national bank which, pursuant to the amendments made by paragraph (1), is no longer authorized to control or be affiliated with a financial subsidiary as of the date of the enactment of this Act, such affiliation shall be terminated as soon as practicable and in any event no later than the end of the 2-year period beginning on such date of enactment. is amended by inserting after section 502 the following: 502A. Short title. To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner provided in the Part 314 use the terms customer and customer information. For the purpose of an institution's or servicer's compliance with GLBA, customer information is information obtained as a result of providing a financial service to a student (past or present). Repeated non-compliance by an institution or a servicer may result in an administrative action taken by the Department, which could impact the institution's or servicer's participation in the Title IV programs. For instance, large educational institutions now have their GLBA compliance reviewed as part of their annual federal compliance audits that they must submit to the Department of Education.
Such audits can provide invaluable feedback, but keep in mind that they're essentially just providing a second opinion from a private company, not offering the United States Federal government's seal of approval. Gramm-Leach-Bliley Act Text We find that the law has a differential impact across the financial services industry. (8) STATE INSURANCE AUTHORITY. The term State insurance authority means, in the case of any person engaged in providing Repeal of Gramm-Leach-Bliley Act provisions. Sponsor: Limitation on agency interpretation or judicial construction. Gramm-Leach-Bliley Act (Privacy of Consumer Financial Information) Introduction. Element 3: Provides for the design and implementation of safeguards to control the risks the institution or servicer identifies through its risk assessment (16 C.F.R. Notwithstanding the limitation of the January 1, 1970, approval deadline in subsection (c)(8), the Board may determine an activity to be so closely related to banking as to be a proper incident thereto for purposes of such subsection, subject to the requirements of this subsection and such terms and conditions as the Board may require. S. 1179. V, Gramm-Leach-Bliley Act (15 U.S.C. The Gramm-Leach-Bliley Act requires financial institutions (companies that offer consumers financial products or services like loans, financial or investment advice, or insurance) to explain their information-sharing practices to their customers and to safeguard sensitive data. See also infra discussion at section II.A. Rapp, James J., and Regana L. Rapp d/b/a Touch Tone Information, Inc.
NovaStar Financial, Inc. and NovaStar Mortgage Inc. 16 CFR Part 314: Standards for Safeguarding Customer Information (Supplemental Notice of Proposed Rulemaking), 16 CFR Part 314: Standards for Safeguarding Customer Information (Final Rule), 16 CFR Part 313: Privacy of Consumer Financial Information Rule under the Gramm-Leach-Bliley Act, Ascension Data & Analytics, LLC; Analysis To Aid Public Comment, Agency Information Collection Activities; Submission for OMB Review; Comment Request (Privacy Rule), Agency Information Collection Activities; Proposed Collection; Comment Request (Privacy Rule), Postponement of Public Workshop Related to Proposed Changes to the Safeguards Rule, DealerBuilt/LightYear Dealer Technologies; Analysis To Aid Public Comment, 16 CFR Part 314: Standards for Safeguarding Customer Information; Extension of Deadline for Submission of Public Comments, Privacy of Customer Financial Information-Security; Advance Notice Of Proposed Rulemaking And Request For Comment, Final Model Privacy Form Under the Gramm-Leach-Bliley Act - 16 CFR Part 313, Standards for Safeguarding Customer Information; Final Rule - 16 CFR Part 314, Privacy of Consumer Financial Information; Final Rule - 16 CFR Part 313, Privacy of Consumer Financial Information; Proposed Rule - 16 CFR Part 313, Keynote Remarks of Commissioner Christine S. Wilson at the Privacy + Security Academy, Opening Remarks of Chairman Joseph Simons at FTC Equifax Press Conference, Opening Remarks of Commissioner Terrell McSweeny. Gramm-Leach-Bliley Act. To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner provided in the Banking Act of 1933, the so-called Glass-Steagall Act, and for other purposes.