GLBA Wrap-up: Put a Positive Spin on Compliance Efforts

At a Time When Customer Confidence is Threatened, Privacy Protection Must be Publicized Tom Field (SecurityEditor) • August 4, 2008

In a month of bad news for banking (see recent stories about IndyMac Bank and other failures), our recent series of articles and insights on Gramm-Leach-Bliley Act (GLBA) compliance delivers a reassuring message: Banking institutions are making progress in safeguarding customer information.

A "progressive learning curve" is how one banking regulator describes institutions' efforts to comply with GLBA requirements. In the seven years since banks and credit unions have been examined for GLBA compliance, regulatory agencies have seen "significant improvement," says Jeff Kopchik of the Federal Deposit Insurance Corporation (FDIC).

This is encouraging news - and a message that banking institutions should share with customers. That, at a time when the credit crunch is creating negative publicity for banks, these institutions are continuing to make progress in these key GLBA-related initiatives:

Board of director involvement in information security matters;

Risk assessment of privacy issues;

Strong information security programs (including incident response and business continuity);

Vendor management;

Security awareness - for bank employees and customers alike.

"Risk-based" is the phrase that keeps popping up in discussions of GLBA compliance. This speaks to the notion of putting your compliance resources to work only against those issues that are significant risks for your institution. In other words, pick your battles. The risk-based approach requires a solid, up-front risk assessment and healthy dialogue with regulators, but those efforts are less resource-intensive than trying to fight all battles equally.

Similarly, at a time when consumer confidence is taking some hits, banking institutions have the opportunity to mount an offense by promoting their defense - by showing customers exactly how they're ensuring their privacy.

For anyone who works in banking and security, GLBA compliance is exactly what the job is about - protecting critical information assets. With our series of articles, podcasts and webinars this past month, we've revisited the basics of banking information security, and we trust these content elements will help give you the foundation upon which to not only protect your customers, but to tell them exactly how you're doing it.

Please be sure to check out these GLBA-related articles:

GLBA Compliance: How to Avoid Common Traps
Risk Assessment, Vendor Management Are Key Examination Trends

GLBA Compliance: Tips for Building a Successful Program
Board Involvement, Documentation of Programs Key to Favorable Reviews

The Hidden Traps of Business Continuity Planning
GLBA Compliance Alone Isn't Enough to See an Institution Through a Disaster

Also, listen to this GLBA-themed interview:
GLBA Compliance: Trends to Watch, Traps to Avoid

Our new blogs have addressed the issue:

GLBA and Security Avoidance Questions - Why Are We Not Surprised?

State of Information Security: Educating Your Board

And don't forget these related webinars:

Maintaining Compliance with the Gramm-Leach-Bliley Act Section 501(b)

GLBA Privacy Requirements: How to Build an Effective Program That Meets GLBA Compliance and Ensures Customer Privacy

Finally, if you need a GLBA refresher, check out these resources from the banking regulatory agencies: