Compliance

The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to protect private consumer information held by financial institutions.

GLB Act: Gramm-Leach-Bliley Act (GLBA)

What the Gramm-Leach-Bliley Act is:
Also known as the Financial Services Modernization Act. The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to protect private consumer information held by financial institutions. The GLBA requires banks to develop privacy notices, and to provide customers with the option of prohibiting the sharing of their confidential information with non-affiliated third parties. On July 1, 2001, the Act was amended, requiring financial organizations to have a comprehensive, written information security program in place.

Section 501 of the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) of 1999, which addresses "Protection of Nonpublic Personal Information," requires federal banking agencies, the National Credit Union Administration (NCUA), the Securities and Exchange Commission (SEC), the Secretary of the Treasury, and the Federal Trade Commission (FTC) "to consult" with one another to establish consistent and comparable standards for financial institutions related to "administrative, technical, and physical safeguards" for customer information. From initial assessments and planning phases through execution and ongoing management, SunGard Availability Services offers solutions to assist in compliance with Section 501 of the Gramm-Leach-Bliley Financial Services Modernization Act and to support information availability.

Who is affected by GLBA?
The GLBA applies to virtually every business in the United States engaged in the “financial services” industry: institutions that provide financial products and services to consumers. This applies to all national banks and federal branches of foreign banks that are required to follow US banking regulations.

According to the Act, financial institutions are required to implement a comprehensive, written information security program that includes proper administrative, technical, and physical safeguards, the nature of which depends on the size and complexity of the organization. This requirement extends to any subsidiaries of the parent financial organization. The program must be designed to protect consumers’ non-public, personally identifiable information by ensuring security and confidentiality of data, by preventing potential risks and threats to data, and by protecting against unauthorized access to or use of consumers’ private information.

OffsiteDataSync Ensures Compliance By:

  • Offering a GLBA-compliant retention policy: we retain legal counsel to ensure our retention policies for publicly traded financial institutions are GLBA compliant. We employ the technical expertise to successfully apply these policies and mitigate the risk of non-compliance
  • Providing full daily generations as well as weekly, monthly, and annual archive snapshots
  • Enabling ‘legal hold’ if and when necessary
  • Utilizing true Continuous Data Protection (CDP) to ensure ALL correspondence and communications as well as files and other records are captured instantly
  • Enabling dynamic search, download, and instant access to all generations of data to meet the needs of any and all requests by a Board of Directors as necessary
  • Maintaining a full audit trail and complete logging with respect to activity, changes, access, and uploads/downloads
  • Developing and implementing password rotation and encryption key forwarding customized to SOX-specific rules, ensuring only the appropriate customer personnel have access to backed-up information
  • Providing certified data destruction certificates with several overwrite methods
  • Writing and enforcing a SOX-compliant retention policy, limiting liability for organizations to the timeframes outlined by the Sarbanes-Oxley Act

Testimonials

"At the close of a multi-year case we found that an escrow account spreadsheet used to track case expenses was missing. Without that data our office wouldn't be reimbursed for any out-of-pocket expenses. We made a phone call to OffsiteDataSync and the file was back on our system within minutes. That one file restoration alone was worth the entire cost of our backup system and then some. OffsiteDataSync's Data Retention service is something we will never be without, it's proven, and it's paid for itself on numerous occasions!"

Janet Watson
Lead Paralegal
The Palmiere Law Firm
Rochester, NY