12 Jun 2012

The basics of the GLB Act's Safeguards Rule

protect the security, confidentiality, and integrity of customer information by developing a comprehensive written information security program that contains reasonable administrative, technical, and physical safeguards, including: (1) designating one or more employees to coordinate the information security program; (2) identifying reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information, and assessing the sufficiency of any safeguards in place to control those risks; (3) designing and implementing information safeguards to control the risks identified through risk assessment, and regularly testing or otherwise monitoring the effectiveness of the safeguards’ key controls, systems, and procedures; (4) overseeing service providers and requiring them by contract to protect the security and confidentiality of customer information; and (5) evaluating and adjusting the information security program in light of the results of testing and monitoring, changes to the business operation, and other relevant circumstances. 16 C.F.R. §§ 314.3 and 314.4. Violations of the Safeguards Rule are enforced through the FTC Act. 15 U.S.C. § 6805(a)(7).