Financial Industries, being GLBA compliant is not enough.
All financial institutions in the United States must comply with the GLBA (Gramm-Leach-Bliley Act), which is enforced by the FTC, the federal banking agencies, and other federal regulatory authorities, as well as state insurance oversight agencies. But being GLBA compliant is not enough…
The GLBA requires financial institutions, such as banks, insurance companies, investment companies, and mortgage brokers, to safeguard customer information, provide customers with privacy notices, and give customers the right to opt out of having their information shared with third parties. Beyond the GLBA and FTC requirements, financial services companies must also comply with obligations that fall outside the GLBA's scope, such as those of emerging US privacy regulations, the CCPA and the VCDPA.
CCPA and VCDPA cover a broader range of PII
The GLBA primarily governs the handling of financial information by financial institutions and requires them to implement reasonable security measures to protect the confidentiality and security of customer information, and to provide customers with privacy notices that explain the institution’s information-sharing practices.
In contrast, the CCPA (California Consumer Privacy Act) and VCDPA (Virginia Consumer Data Protection Act) apply to for-profit entities that do business in California and Virginia and meet the thresholds set forth by those regulations. These state privacy laws also cover a broader range of personal information than the GLBA, including internet browsing history and geolocation data. The CCPA and VCDPA require financial services companies to disclose how they collect, use, and share personal information; to provide customers with the right to access, correct, and delete their information; and to appoint a designated data protection officer (DPO) where required.
CCPA and VCDPA require financial entities to obtain consent
The GLBA requires financial institutions to provide customers with privacy notices explaining the type of information collected, how it is used, and how it is shared with third parties. The CCPA and VCDPA, on the other hand, require covered businesses to provide individuals with notice about their data processing activities and to obtain their consent in certain circumstances.
Financial services companies should stay up to date with these regulations and review and update their compliance measures regularly. They should also have a designated compliance officer to manage and monitor compliance issues and conduct regular audits.
Companies should regularly review and assess their compliance with data privacy laws and regulations, and have systems in place to detect and prevent lapses in oversight. This may include conducting regular risk assessments, implementing data protection measures, providing privacy training for employees, and having incident response plans in place.
Click here to learn more about our Preference and Consent Management Platform! Clarip takes enterprise privacy governance to the next level and helps organizations reduce risks, engage better, and gain customers’ trust! Contact us at www.clarip.com or call Clarip at 1-888-252-5653 for a demo.
Mike Mango, VP of Sales