The massive hack of JPMorgan Chase and other banks shows how huge the appetite of cybercriminals for financial data is. Such breaches can cause a business massive damage (the JPMorgan Chase attack affected more than 80 million accounts), and businesses that handle financial data face a high level of scrutiny in terms of information security.
The Gramm-Leach-Bliley Act (GLBA), instituted in 1999, is known as a safeguard protecting customers. It established measures that hold financial institutions responsible for the privacy of their clients’ data.
The GLBA applies to “financial institutions,” a term that includes any business that deals in financial activities, from mortgage lenders to car dealers.
Most customers are familiar with GLBA compliance in the form of privacy notices. Businesses are required to send their customers reports about their information sharing and security practices. Banks are also obligated to make you aware of how your data is being protected, and they are not allowed to share or sell your private data to other companies.
GLBA Compliance and Information Security
The Bureau of Consumer Protection recommends a number of practices to ensure the privacy of customer financial data and maintain GLBA compliance. These include thorough background checks on all potential employees and giving access to sensitive data only to those who need it, when they need it. All passwords should be complex and changed frequently, and they should not be stored on physical media, whether digital or otherwise. When it comes to GLBA compliance, where and how you store financial data matter deeply. Cloud storage is a convenient option for many things, but you should exercise caution before storing sensitive financial data in the cloud.
Encryption and its importance
Encryption is another important aspect of protecting the security of financial data. When data is encrypted, it can’t be read unless someone has the key to decrypt it. Not only does this prevent prying eyes from snooping on your clients’ information, but it also protects your business should that same data fall into the wrong hands. According to GLBA compliance protocol, you would have to report the breach to your customers, but you would be able to assure them that their data is still protected by encryption. The Bureau of Consumer Protection recommends encryption not only for data storage, but also for email. Email is the primary medium for exchanging information with clients and partners, but as we’ve seen recently, unprotected email can put an entire enterprise at risk. Ensuring digital privacy for financial information not only helps with GLBA compliance, but also improves customer trust and reduces the risk of a devastating hack.
Consequences of GLBA Noncompliance
Not being GLBA compliant is dangerous on every level for your business. For one, GLBA violations carry a hefty fine: $100,000 for each violation, not to mention potential imprisonment for up to five years. The costs of a GLBA violation go beyond paying legal fines and providing credit monitoring services. If your privacy policies do not go far enough to protect your customers’ data, those customers might consider taking their business elsewhere.