The Safeguards Rule — An Overview for Bankers
by : Stan Jaslar
By necessity, companies that offer financial services have to deal with very sensitive information and important data from their customers. Banks and other financial institutions collect data such as birth dates, social security numbers, credit card numbers, credit histories, and income information on a daily basis. The Safeguards Rule, created by the Gramm-Leach-Bliley Act and under the jurisdiction of the Federal Trade Commission, outlines what financial institutions need to do to keep this information as safe as possible.
You need to abide by this rule, not only because it is the law, but because it is the right thing to do for your customers. Here’s a look at the essentials.
Do All Banks Have to Comply?
Any business that is “significantly engaged” in providing financial services to consumers is subject to the Safeguards Rule. This includes not only banks, but check-cashing services, mortgage brokers, payday loan companies, credit card businesses, and ATM providers as well as many others. If you are not sure whether or not your company needs to comply with this rule, you may want to visit the FTC’s website and read the rule in its entirety.
How to Comply with the Safeguards Rule
In order to comply, your company must have a written security plan outlining how you are going to protect your customers’ information. Your plan should take into account your company’s size, number of employees, and the sensitivity of the financial information gathered.
There is not a specific one-size-fits-all plan or a template to follow. This rule is designed to be flexible. As a result, you need to create a plan that best suits your specific company and your customers’ needs. The plan, however, must contain the following elements:
- An employee designated to be in charge of the plan.
- A process to evaluate each part of the company that deals with sensitive information.
- A list of steps you’re using to safeguard the information.
- A way to regularly monitor and test your plan.
Ideally, you should make sure that your service providers also have safeguard protections in place. To be on the safe side, regularly evaluate or adjust the plan if your company makes any major changes.
What Is the Best Way to Secure Information?
The three most at-risk areas in any financial institution are 1) employee management and training, 2) information technology (IT) systems, and 3) detecting and managing system failures. One of the best steps to take early on in the process is to evaluate what information you are collecting and make sure that you truly need it. If you only collect sensitive information that is absolutely necessary, you will have less to monitor and manage. In contrast, if you collect info you don’t need, you put yourself at risk for no reason.
To encourage your employees to keep customer information safe, keep these tips in mind:
- Make sure all new employees pass a background check.
- Require new employees to sign an agreement on your company’s safeguard policies.
- Lock areas where confidential information is kept.
- Only allow employees access to sensitive data on an as-needed basis.
- Require your employees to use strong passwords.
- Remind your employees to regularly change their passwords.
- Report suspicious attempts to gain confidential information.
- Educate your employees about their legal obligation to keep customers’ information private.
All security policy violations should come with disciplinary measures, and when an employee is terminated, immediately deactivate their password and make sure they can no longer physically access any confidential information.
Here are some ways to protect your information systems:
- Make sure customer information is transmitted securely to outside vendors.
- Encrypt all information sent over the internet.
- When disposing of information, follow the FTC’s Disposal Rule.
- Use automatically updating antivirus and anti-spyware programs.
To manage system failures effectively, check out these strategies:
- Monitor and audit activities.
- Have oversight tools.
- Develop a plan to notify customers of any security breaches.
When you run a financial institution, you have a responsibility to keep your customers’ data safe. If customers are aware that you are providing a safe environment for their data while also handling their financial needs, they will feel more confident about your services. They may turn to you for additional services, and they may be more likely to recommend your financial institution to their friends or colleagues.
The above suggestions should help you start to develop a plan that makes your company compliant with the Safeguards Rule. On top of those essentials, you also need the right fraud protection software, and we can help. To learn more, contact us at SQN Banking Systems.