Safeguarding Customer Information Gramm-Leach-Bliley Act Compliance
Ellen Harris-Small
Terry Wooding
Why was GLBA enacted?
Section 501 of the Gramm-Leach-Bliley Act requires Financial Institutions to establish standards relating to administrative, technical and physical information safeguards to protect customer records and information.
Safeguard Objectives:
• Ensure security and confidentiality of customer records and information.
• Protect against any anticipated threats or hazards to the security of the records.
• Protect against unauthorized access or use of records or information which could result in harm or inconvenience to the customer.
Information Security Plan
• Written to ensure security and confidentiality of non-public customer financial information (NPI).
• Protect against any anticipated threats and hazards.
• Protect against unauthorized access or use.
Non-public customer information (NPI)
• Credit card numbers
• Social Security numbers
• Driver's license numbers
• Student loan data
• Income information
• Credit histories
• Customer files with NPI
• NPI Consumer information
• Bank Account data
Financial Institutions
Including Colleges and Universities, must ensure that their security programs provide adequate protection to customer information in whatever format – electronic or hardcopy.
FTC Ruling
consumer’s information is not a privacy issue but is one of security.
Compliance with FERPA does not exempt colleges and universities from GLBA safeguarding regulations.
FERPA vs. GLBA
• The Family Education Rights and Privacy Act addresses the privacy of student information.
• The Gramm-Leach-Bliley Act addresses the security of customer records and information.
Rutgers University
• Has established a committee to ensure compliance.
• Committee meets regularly to review and ensure compliance with the act.
• Performs risk assessment and regular testing.
• Oversees service providers and contracts.
• Trains staff to maintain security and confidentiality.
Why Protect your Identity?
Identity Theft
Statistics on Identity Theft in New Jersey
4,802 complaints / year
• 1. Credit Card Fraud: 2,350 (49%)
• 2. Phone or Utilities Fraud: 867 (18%)
• 3. Bank Fraud: 669 (14%)
• 4. Government Documents/Benefits Fraud: 396 (8%)
• 5. Loan Fraud: 356 (7%)
• 6. Employment-Related Fraud: 260 (5%)
• 7. Attempted Identity Theft: 477 (10%)
• 8. Other: 710 (15%)
What is Identity Theft?
• Under the ID Theft Act, identity theft is defined very broadly as:
knowingly using, without authority, a means of identification of another person to commit any unlawful activity.
(unlawful activity: a violation of Federal law, or a felony under State or local law).
Identity Theft
When someone steals your identity, they are usually using your credit to obtain goods and services for themselves that “you” will have to pay for.
How Does an Identity Thief Get Your Information?
• Stealing files from places where you work, go to school, shop, get medical services, bank, etc.
• Stealing your wallet or purse.
• Stealing information from your home or car.
• Stealing from your mailbox or from mail in transit.
• Sending a bogus email or calling with a false promise or fraudulent purpose.
– For example: pretending to be from a bank, creating a false website, pretending to be a real company, fake auditing letters.
2004 PNC Bank
From: PNC Bank
Sent: May 17, 2004 6:31 PM
To: [email protected]: To All PNC bank users
Dear PNC user,
During our regular update and verification of the user data, you must confirm your credit card details. Please confirm you information by clicking link below.
http://Cards.bank.com pncfeatures/cardmember access.shtml
How Does an Identity Thief Use Your Information?
• Obtains credit cards in your name or makes charges on your existing accounts (42%).
• Obtains wireless or telephone equipment or services in your name (20%).
• Forges checks, makes unauthorized EFTs, or opens bank accounts in your name (13%).
• Works in your name (9%).
• Obtains personal, student, car and mortgage loans, or cashes convenience checks in your name (7%).
• Other uses: obtains driver's license in your name.
Victims of Identity Theft
• If your identity is stolen, do the following immediately:
– Contact the fraud department of the three major credit bureaus (Equifax, Experian, Trans Union).
– Contact your creditors and check your accounts.
– File a police report.
– File a complaint with the FTC.
Recovery
• Take back control of your identity:
– Close any fraudulent accounts.
– Put passwords on your accounts.
– Change old passwords and create new PIN codes.
Prevention
Protect yourself
Protect others
Guard against fraud:
• Sign cards as soon as they arrive.
• Keep records of account numbers and phone numbers.
• Keep an eye on your card during transactions. Also be aware of who is around you: is anyone else listening?
• Check your credit report and credit card monthly statements.
Annual credit bureau report
• New Jersey residents are entitled to one free annual credit report.
• If you are denied credit, you are allowed to request one free copy of your credit report.
• Check your report for accurate information, open accounts, balance information, loan information, etc.
Credit Bureau Links
• Equifax – www.equifax.com
– To order a report, 1-800-685-1111
– To report fraud, 1-800-525-6285
• Experian – www.experian.com
– To order a report, 1-888-397-3742
– To report fraud, 1-888-397-3742
• Trans Union – www.tuc.com
– To order a report, 1-800-916-8800
– To report fraud, 1-800-680-7289
Have you been a Victim?
You may be a victim if:
• You are denied credit.
• You stop getting mail.
• You start getting collection calls/mail.
• You start getting new bills for accounts you do not have or services you did not authorize.
• Your bank account balance drops.
Damages
• Time
• Money
• Credit rating
• Reputation
Good Practices
• Photocopy the contents of your wallet/purse.
• Photocopy your passport (keep a copy at home and one with you when you travel).
• Empty your wallet/purse of non-essential identifiers.
• Do not use any information provided by the people who may be trying to scam you; look it up yourself.
• Shred documents before you dispose of them.
GLBA requires us to PROTECT CONSUMERS from substantial harm or inconvenience.
What can we do to guard NPI?
• Keep confidential information private.
• Use care when asking for or giving an SSN.
• Use secure disposal methods.
• Protect the privacy of data transmissions.
• Improve procedures.
Actions to prevent Others from becoming Victims
• Determine what information you need.
• Provide a secure workplace.
• Always ask for a student’s ID or debtor’s account number.
• Keep prying eyes away from customer’s information.
• Don’t expose NPI information to the outside world.
Actions to prevent Others from becoming Victims
• Take care when you provide employees’ or customers’ personal information to others.
• Know & explain how you handle personal information.
• Ask for written permission prior to sharing personal information.
• Report problems or concerns to managers or supervisors.
Remember to always maintain confidentiality, security and integrity:
Avoid
– unauthorized disclosure
– removing information from your office
– sharing information
– tossing information in the trash
– downloading or e-mailing information.
General Privacy
• Do not provide correcting information for account verification questions.
• Be suspicious.
• Be paranoid.
• Don’t be afraid to say no when asked for information that is not required to conduct the current business transaction.
What are university assets?
Rutgers University Assets
Are customer information and records assets?
Safeguarding Information
• Information takes many forms.
• Information is stored in various ways.
• Data assets have unique risks.
Safeguarding Information
Your Role:
• Ensure physical security.
• Select and protect hard-to-guess passwords.
• Avoid email traps and disclosures.
• Back up files.
• Log off your computer when not in use.
• Do not open emails with attachments from unknown sources.
• Obliterate data before giving up your computer.
• Recognize social engineering tactics.
Safeguarding Information
Your role as a user….
What else can you do?
Check your work area!
• Do you leave NPI reports on your desk?
• Is NPI stored in unlocked file cabinets?
• Keep computer disks secure.
• Do not save NPI on your computer C drive.
Safeguarding Information
Your role….
The University has many policies and procedures to help you; learn them.
University Regulations & Guidelines related to Safeguarding
Standards for University Operations Handbook
• Confidentiality
• Accounting for Financial Resources
• Acceptable Use of Network & Computing Resources:
– Agreement for Accessing Information
– Acceptable Use Policy
– Guidelines for Interpretation of Acceptable Use
– Acceptable Use Supplement
– Basics
Potential Damages to Rutgers
• Reputation
• Violation of federal and state laws
• Fines
• Reparation costs
• Recovery costs
• Increased prevention costs
Georgia Tech's accidental release of credit card information to the internet cost them over $1,000,000.
Management’s Expectations
“Rutgers places a high level of trust in you, its faculty and staff, and requires that University assets under your control be protected and properly safeguarded from loss and misuse.”
Joanne G. Jackson
Senior V.P.
October 24, 2001
Expectations
• All RU employees are responsible for securing and caring for University property, resources and other assets.
• RU relies on the attention and cooperation of every member of the community to prevent, detect and report the misuse of university assets.
Prevention
• Protect yourself
• Protect others
Safeguarding customer information and university assets is everyone’s job!