GLBA Wrap-up: Put a Positive Spin on Compliance Efforts

At a Time When Customer Confidence is Threatened, Privacy Protection Must be Publicized
In a month of bad news for banking (see recent stories about IndyMac Bank and other failures), our recent series of articles and insights on Gramm-Leach-Bliley Act (GLBA) compliance delivers a reassuring message: Banking institutions are making progress in safeguarding customer information.

A "progressive learning curve" is how one banking regulator describes institutions' efforts to comply with GLBA requirements. In the seven years since banks and credit unions have been examined for GLBA compliance, regulatory agencies have seen "significant improvement," says Jeff Kopchik of the Federal Deposit Insurance Corporation (FDIC).

This is encouraging news - and a message that banking institutions should share with customers. At a time when the credit crunch is creating negative publicity for banks, these institutions are continuing to make progress in these key GLBA-related initiatives:

Board of director involvement in information security matters;
Risk assessment of privacy issues;
Strong information security programs (including incident response and business continuity);
Vendor management;
Security awareness - for bank employees and customers alike.

"Risk-based" is the phrase that keeps popping up in discussions of GLBA compliance. This speaks to the notion of putting your compliance resources to work only against those issues that are significant risks for your institution. In other words, pick your battles. The risk-based approach requires a solid, up-front risk assessment and healthy dialogue with regulators, but those efforts are less resource-intensive than trying to fight all battles equally.

Similarly, at a time when consumer confidence is taking some hits, banking institutions have the opportunity to mount an offense by promoting their defense - by showing customers exactly how they're ensuring their privacy.

For anyone who works in banking and security, GLBA compliance is exactly what the job is about - protecting critical information assets. With our series of articles, podcasts and webinars this past month, we've revisited the basics of banking information security, and we trust these content elements will help give you the foundation upon which not only to protect your customers, but also to tell them exactly how you're doing it.

Please be sure to check out these GLBA-related articles:

GLBA Compliance: How to Avoid Common Traps - Risk Assessment, Vendor Management Are Key Examination Trends
GLBA Compliance: Tips for Building a Successful Program - Board Involvement, Documentation of Programs Key to Favorable Reviews
The Hidden Traps of Business Continuity Planning - GLBA Compliance Alone Isn't Enough to See an Institution Through a Disaster

Also, listen to this GLBA-themed interview:
GLBA Compliance: Trends to Watch, Traps to Avoid


About the Author

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.



