How to Design a Financial Safeguards Program

data protection graphic

Under the Gramm-Leach-Bliley Act, the FTC has issued a rule requiring financial institutions to safeguard consumer information.

The FTC’s Safeguards Rule applies to both individuals and organizations who provide financial products or services to consumers. These services extend beyond the obvious banking and investment firms to check-cashing, data processors, non-bank lenders, property appraisers, and retail credit issuers.

Your safeguard program must include a written security plan that describes your program to protect consumer information.

What information do financial institutions need to safeguard?

Known as Personally Identifiable Information (PII), financial institutions must protect any information that may directly or indirectly compromise a consumer’s identity. Examples of PII include, but are not limited to:

  • Name
  • Address
  • Phone number
  • SSN
  • Date of Birth
  • Financial Account Information

Design a Financial Safeguards Program for Your Business

Though many financial institutions operate similarly, your particular business and information safeguarding needs depend on your organizational structure, current practices regarding the collection of information, and the precise nature of your products and services. Your business size, scope, and the sensitivity of consumer info collected will also all affect your safeguard plan.

  1. Designate an employee or group of employees to coordinate the safeguards.
  2. Evaluate where sensitive information is collected.
  3. Determine how and where PII is used, and by whom.
  4. Establish written protocol for dealing with sensitive information:
    • How PII is collected and stored
    • When and how PII may be discarded (for example, if you collected paper¬†records and transferred them to an electronic system, shred the paper¬†in a timely manner)
    • What electronic and physical precautions need to be taken
  5. Perform regular employee trainings and complete a routine background check on employees prior to hire.
  6. Re-evaluate your safeguards periodically (every six months to a year) to make sure that your protections are up-to-date and functioning properly.