Gramm-Leach-Bliley Act: FAQs

1. What is the Gramm-Leach-Bliley (GLB) Act?

A. The GLB Act, also known as the Financial Services Modernization Act, was passed in 1999. It was a sweeping overhaul of the financial services landscape, with an emphasis on expanding the powers of bank holding companies by broadening the legal definition of “financial institution” to include activities not normally thought of as those of a financial institution.

2. What are some of these new financial institutions?

A. In addition to banks and savings and loan associations, financial institutions now include insurance agencies and companies, loan brokers, real estate agents/brokers, investment advisors, tax preparers, auto dealers who lease or finance, real estate appraisers, check-cashing companies, non-bank lenders, university financial aid offices, mortgage loan brokers/lenders, and courier services, among others.

3. Why did the FTC enact the Safeguards Rule?

A. The FTC enacted this rule in order to meet the GLBA’s requirement that all covered institutions not already regulated by federal or state agencies would be regulated by the Federal Trade Commission.

4. Do these regulations apply in every state?

A. Yes, these are federal laws and apply everywhere within the United States regardless of the institution’s size.

5. Are Certified Public Accountants (CPAs) also included?

A. Yes, if they prepare or assist in the filing of any tax returns and in the process possess confidential client information such as bank account numbers, social security numbers, etc.

6. What is the deadline for compliance with the FTC’s Safeguards Rule?

A. May 23, 2003, or May 23, 2004 if you meet certain special circumstances.

7. What are the FTC fines for non-compliance?

A. While the FTC can impose fines of up to $10,000 per day for failure to comply with required regulations, the real danger to a small business is a civil lawsuit filed as a result of a client’s loss of confidential information resulting in “identity theft.” A plaintiff’s lawyer might have an easier time constructing a case if the business didn’t take reasonable measures to protect the client’s information.

8. I’ve got a firewall on my network and anti-virus software installed, so I shouldn’t need to do much more to comply?

A. Setting aside the fact that very few Windows computers not in expert hands are safe while connected to the internet, the rule requires that written security policies and procedures be put in place and that reasonable efforts be made to secure the network from unauthorized use.