CTMS Ohio
  • Dealership Compliance
  • Our Solutions
    • Cyber Solutions
      • Cybersecurity
      • Backup and Disaster Recovery
      • Network Management
      • Mobile Management
    • Cloud Solutions
      • Cloud Migrations
      • Cloud Hosting
      • Office 365
    • Managed Services
      • IT Consulting
      • Remote Helpdesk Services
      • Virtual CIO Services
    • Business Phones
      • Hosted VOIP
      • Contact Center Services
  • Electronic Titles
  • About Us
    • Areas We Serve
      • Phoenix
    • Our Team
    • Careers
    • Blog
    • Industries
      • Automotive
      • Government
      • Healthcare
      • Small and Medium Sized Businesses
      • Nonprofits
      • Legal Firms
      • Manufacturing
      • Professional Services
  • Contact
  • Remote Help
  • Submit Ticket
  • Payments
  • 844.286.7644
  • Menu Menu

Understanding GLBA Compliance Requirements: How You Should Prepare for the June Deadline

On November 5, 2022, the Federal Trade Commission (FTC) extended the deadline to comply with the updated GLBA to June 9, 2023. Does this affect your business? And if so, what do you need to do to become compliant? Keep reading to find out.

What Is GLBA Compliance?

A federal law passed in 1999, the GLBA refers to the Gramm-Leach-Bliley Act, also known as the Financial Modernization Act. Essentially, it governs how financial institutions handle their customers’ private information. As the FTC offers a broad definition of what counts as a “financial institution,” your business just might qualify.

When Was the GLBA Updated?

In 2021, the FTC updated the Standards for Safeguarding Customer Information section (Safeguards Rule for short) of the GLBA. This rule primarily helps protect customer information. It was added in 2003 but updated to keep up with current technology.

Who Does the Updated GLBA Regulations Apply to?

The Safeguards Rule applies to any financial institutions within FTC jurisdiction that aren’t subject to enforcement authority by another regulator under section 505 of the GLBA. The FTC defines a financial institution as any entity engaged in an activity that is “financial in nature” or is “incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956.”

To give you a better idea of what kinds of entities fall into this broad category, the FTC provides the following non-exhaustive list of examples: “businesses like mortgage lenders, mortgage brokers, motor vehicle dealers, payday lenders, finance companies, account servicers, check cashing companies, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and investment advisors that aren’t required to register with the SEC.”

Maintaining your technology framework is challenging when you have other business objectives to pursue. CTMS specializes in IT consulting, helping you stay compliant and secure.

Let’s Get Started

Why Was the Updated GLBA Compliance Deadline Extended?

The FTC extended the updated GLBA compliance deadline in response to a request by the Deputy Chief Counsel of the U.S. Small Business Administration (SBA). It asked for an extension due to personnel shortages and supply chain issues that would make it difficult for many firms to comply with the updated GBLA by the original December 9, 2022 deadline. The FTC met them halfway and settled for a six-month extension (June 9, 2023) instead.

What Exactly Changed in the GLBA?

As mentioned, the changes primarily affected the Safeguards rule. You may read the rule in full on the FTC website, but the June extension applies specifically to the following provisions:

  • Designate a qualified person to oversee their information security program
  • Develop a written risk assessment
  • Limit and monitor who can access sensitive customer information
  • Encrypt all sensitive information
  • Train security personnel
  • Develop an incident response plan
  • Periodically assess the security practices of service providers
  • Implement multi-factor authentication or another method with equivalent protection for anyone who accesses customer information

What to Do Between Now and June to Become GLBA-compliant

Though you still have a few months to meet the June deadline, you shouldn’t put it off. Compliance may require significant investment in staff and technology on your part. Furthermore, failure to comply by the deadline could result in significant fines and penalties, and damage your company’s reputation. It’s preferable to err on the side of caution.

The first step is to determine whether your business qualifies as a financial institution under the FTC’s definition above. If your firm meets the definition, you need to start developing an information security program to:

  • Ensure the security and confidentiality of customer information
  • Protect against anticipated threats or hazards to the security or integration of that information
  • Protect against unauthorized access to that information which could result in substantial harm or inconvenience to any customer

Here are nine things you must do to achieve GLBA compliance:

  • Designate a Qualified Individual to implement and supervise your company’s information security program. Even if you outsource the role to a third-party provider, the overseer ensures the responsibility to comply with GLBA falls on your company.
  • Conduct a risk assessment. This includes making a complete inventory of customer data and uncovering potential security threats to that data. The written assessment must be performed regularly to keep up with changes in your organization and new threats.
  • Design and implement safeguards to control the risks identified through your assessment. They should include:
    • Implementing and periodically reviewing access controls
    • Knowing what customer data you have and where it’s stored
    • Encrypting customer data when it’s in transit
    • Assessing your apps
    • Implementing multi-factor authentication (MFA)
    • Disposing of customer data safely
    • Anticipating and evaluating changes to your information system or network
    • Maintaining a log of authorized user activity
  • Regularly monitor and test the effectiveness of your safeguards. This can involve continuous monitoring of your information system or penetration testing and vulnerability assessments.
  • Train your staff. Organize regular training sessions to keep staff up to date on best cybersecurity practices and GLBA standards.
  • Monitor your service providers. Only hire reputable providers and make sure they maintain GLBA standards.
  • Keep your information security program current. Technology constantly changes, so your information security program must adapt. Make sure it addresses current cyberthreats and risks.
  • Create a written incident response plan. If a cyber-incident occurs, your staff should know exactly what to do. An incident response plan should cover goals, processes, roles, communication channels, and more.
  • Require your Qualified Individual to report to your Board of Directors. They should report at least once annually. Among other things, their report should cover risk assessments, decisions, results, and recommendations.

Partner With CTMS to Become GLBA-Compliant

As you can see, you may have to do a lot to maintain compliance with the updated GLBA. If you’re struggling to meet the June deadline, CTMS can help. Contact us today to learn more about our managed IT services, and we’ll help get you GLBA-compliant in no time!

Share This Post

  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
  • Share on Reddit
  • Share by Mail

Related Postings

Cybersecurity

Navigating the FTC’s New Da...

FTC Compliance
Read more
November 1, 2023
https://www.ctmsit.com/wp-content/uploads/2023/02/IT-Technician-in-Glasses-with-a-Laptop-Computer-and-Black-Male-Engineer-Colleague-are-Talking-in-Data-Center.jpg 1250 2000 Jayme Skeen https://www.ctmsit.com/wp-content/uploads/2022/07/CTMS-tagline-black.png Jayme Skeen2023-11-01 12:40:432024-11-20 16:30:38Navigating the FTC’s New Da...

Unmasking the Spooky Side of Cybe...

Cybersecurity
Read more
October 27, 2023
https://www.ctmsit.com/wp-content/uploads/2023/10/blog-top-halloween.png 600 1600 Jayme Skeen https://www.ctmsit.com/wp-content/uploads/2022/07/CTMS-tagline-black.png Jayme Skeen2023-10-27 09:44:582024-11-20 16:30:38Unmasking the Spooky Side of Cybe...
Image of two people looking at a computer connected in a data center.

Unlocking Business Potential: The...

CLOUD SERVICES
Read more
October 4, 2023
https://www.ctmsit.com/wp-content/uploads/2023/04/Image-of-two-people-looking-at-a-computer-connected-in-a-data-center..jpg 1250 2000 Jayme Skeen https://www.ctmsit.com/wp-content/uploads/2022/07/CTMS-tagline-black.png Jayme Skeen2023-10-04 09:48:172024-11-20 16:30:38Unlocking Business Potential: The...

Categories

  • Auto Industry IT
  • BUSINESS PHONES
  • CLOUD SERVICES
  • Compliance
  • CYBER SOLUTIONS
  • Cybersecurity
  • E-TITLES
  • Education IT Solutions
  • FTC Compliance
  • Hosted VOIP
  • IT SOLUTIONS
  • IT Support
  • Managed Services/VCIO
  • Remote Working Technology
  • SOFTWARE
  • Uncategorized

Contact Us

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

About Us

Computer Technology Management Services (CTMS) supports organizations nationwide with high-quality, customizable business IT tools and cybersecurity strategies for dealerships and more.

What We Do

Cybersolutions
Cloud Solutions
Managed Services
Business Phones
Dealership Compliance
Electronic Titles

Contact Us

847 Pier Dr. Akron, OH 44307

24/7 Hotline and Business Contact: 844-286-7644

 

Website by Abstrakt Marketing Group © 2022
  • Privacy Policy
  • Sitemap
  • Linkedin
  • Facebook
Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OKLearn more

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Accept settingsHide notification only
CTMS Support

Need Support Now?

Click here to reach our world class support.