Protecting Non-Public Personal Information - WST

Back in 1999, when Michael Jordan was enjoying his second retirement and everyone was freaking out about Y2K, Congress passed the Gramm-Leach-Bliley Act (GLBA), which ensured the safeguarding of consumer non-public personal information (NPI). The GLBA dictates what consumer information is protected, your institution’s ability to limit the sharing of that information, and how and with whom the financial institutions can share the information with other affiliates. Some institutions, depending on the amount of information they share, must allow a consumer to opt-out of that information sharing.

Similarly, another regulation for protecting consumer non-public information is the 1978 Right to Financial Privacy Act (RFPA) which establishes procedures that federal government authorities must follow in order to obtain information from a financial intuition.

Finally, another mechanism used to ensure privacy of consumer information, for more delicate transactions, is the trusty Non-Disclosure Agreement which has proven to be a useful tool in securing consumer non-public personal information.

If you’d like more information about compliance and ensuring your institution is meeting GLBA or other regulatory requirements, please reach out to our Compliance staff or anyone at 10-D Security. You can also read more about the hypotheticals of data loss and protecting NPI in the accompanying blog post at https://10dsecurity.com/blog-good-intentions-never-go-unpunished.html.

Authored by: Josh Mourning, CCBP and Mike Smith, AWS CCP