The appropriate Federal banking agency, after opportunity for hearing, may terminate, at any time, the authority conferred by the preceding subparagraph to continue any affiliation subject to such subparagraph until the end of the period referred to in such subparagraph if the agency determines, having due regard for the purposes of this subsection and the Return to Prudent Banking Act of 2023, that such action is necessary to prevent undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices and is in the public interest. Before the GLBA, these kinds of scams could only be prosecuted under other laws about fraud or false pretenses that didn't always exactly match up with attackers' specific techniques.
The United States Code is meant to be an organized, logical compilation of the laws passed by Congress. Deep Odyssey, a company that offers these services, puts it this way in their disclaimer: "The completion of a GLBA Audit does not ensure GLBA compliance. Finally, acts may be referred to by a different name, or may have been renamed; the links will take you to the appropriate listing in the table. The language of the notices may be fairly boilerplate, and indeed the SEC makes model forms available. Subject to a determination under subparagraph (B), an appropriate Federal banking agency may extend the 2-year period referred to in subparagraph (A) from time to time as to any particular insured depository institution for not more than 6 months at a time, if, in the judgment of the agency, such an extension would not be detrimental to the public interest, but no such extensions shall in the aggregate exceed 1 year. Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements, FTC Safeguards Rule: What Your Business Needs to Know. The changes to the Safeguards Rule are effective June 9, 2023. II. Part 314 use the terms customer and customer information. For the purpose of an institution's or servicer's compliance with GLBA, customer information is information obtained as a result of providing a financial service to a student (past or present). 30 Minute Mortgage, Inc., Gregory P. Roth, and Peter W. Stolz, Garrett, Paula L. d/b/a Discreet Data Systems, Guzzetta, Victor L., d/b/a Smart Data Systems, Information Search, Inc., and David J. Kacala (District of Maryland, Northern Division). L. 111-203 inserted ", other than the Bureau of Consumer Financial Protection," after "section 6805(a) of this title" in introductory provisions.
Section 5136A of the Revised Statutes of the United States (12 U.S.C. This paper examines the impact of Gramm-Leach-Bliley Act across three main sectors of the financial services industry: commercial banks, insurance companies, and brokerage firms, taking account of the wealth effect associated with the announcement. It is the responsibility of the organization to enforce the compliance recommendations at their discretion."
An institution's or servicer's written information security program must include the following nine elements included in the FTC's regulations: Element 1: Designates a qualified individual responsible for overseeing and implementing the institution's or servicer's information security program and enforcing the information security program (16 C.F.R. 1. 78c(a)(5)(C)) is amended. 1445, provided that: to insure the security and confidentiality of customer records and information; to protect against any anticipated threats or hazards to the security or integrity of such records; and. 1338. Section 728 of the Regulatory Relief Act directs the agencies named in Section 504(a)(1) of the GLB Act, 15 U.S.C. Likens., In the Matter of, 77 Investigations, Inc. and Reginald Kimbro, CEO Group, Inc. d/b/a Check Em Out, and Scott Joseph.
GLBA consumer vs. customer. Parts 160 and 164, established under the Health Insurance Notwithstanding the limitation of the January 1, 1970, approval deadline in subsection (c)(8), the Board may determine an activity to be so closely related to banking as to be a proper incident thereto for purposes of such subsection, subject to the requirements of this subsection and such terms and conditions as the Board may require.
114-94, 129 Stat. Sometimes classification is easy; the law could be written with the Code in mind, and might specifically amend, extend, or repeal particular chunks of the existing Code, making it no great challenge to figure out how to classify its various parts. Section 6801 et seq. To repeal certain provisions of the Gramm-Leach-Bliley Act and revive the separation between commercial banking and the securities business, in the manner
1843) is amended by striking subsections (k), (l), (m), (n), and (o).
The Safeguards Rule took effect ABOUT THE GLB ACT The Gramm-Leach-Bliley Act was enacted on November 12, 1999. Part 314. 1841) is amended by striking subsection (p). Institutions should coordinate with their leadership and appropriate staff to implement the requirements in the Final Rule by June 9.
Pretexting is a form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. Each of these individual provisions would, logically, belong in a different place in the Code. The guide summarizes and explains rule amendments adopted by the Commission, but is not a substitute for any rule. 6801 et seq.) Subsection (a) of section 206 of the Gramm-Leach-Bliley Act (15 U.S.C. Anyone who obtains financial products or services from a company is dubbed a consumer, but consumers who maintain a continuing relationship with that institution are customers. To achieve the GLBA objectives, institutions and servicers are required to develop, implement, and maintain a written, comprehensive information security program. 314.4(c)). The first is that it explicitly makes it illegal to use pretexting to try to gain access to the information about victims held by a financial institution covered by the Act. So-called "Short Title" links, and links to particular sections of the Code, will lead you to a textual roadmap (the section notes) describing how the particular law was incorporated into the Code. L. No. Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements, (GENERAL-23-09) 1338, codified in relevant part primarily at 15 U.S.C. The publication provides valuable information such as describing what a reasonable security program should look like and goes over each of the nine required elements in greater detail.
Designate employees to coordinate an infosec program; Identify risks to customer information across your company and assess the effectiveness of your current safeguards; Design, implement, monitor, and test an overarching safeguard program; Select service providers that are able to meet the requirements of the GLBA, and write that into your contract with them; Continually evaluate your program as circumstances and the threat landscape change. Understand the regulations and how they apply to you; Conduct a risk assessment (more on which in a moment); Ensure that effective controls are in place to mitigate risks; Make sure your service providers are GLBA-compliant; Confirm that you're meeting Privacy Rule requirements; Update your disaster recovery and business continuity plans; Prepare a written information security plan (WISP): a formal document of this type is a GLBA requirement; Report to the board: the GLBA requires those responsible for infosec make an annual report to an organization's managing board on GLBA compliance. Section 5(c) of the Bank Holding Company Act of 1956 (12 U.S.C. 6803(e). Text for S.900 - 106th Congress (1999-2000): Gramm-Leach-Bliley Act. One, a reference to a Public Law number, is a link to the bill as it was originally passed by Congress, and will take you to the LRC THOMAS legislative system, or GPO FDSYS site. Please note that compliance with the GLBA requirements is not the same as compliance with NIST 800-171.
It is usually found in the Note section attached to a relevant section of the Code, usually under a paragraph identified as the "Short Title". ); (3) a covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services, 45 C.F.R.