GLBA & Document Management
Are you compliant with the GLBA? Failure to comply could cost your business thousands of dollars in fines.
The following information is provided by Scan123 to assist businesses. It should not be construed as legal advice.
What is the Gramm-Leach-Bliley Act?
Broadly speaking, the Gramm-Leach-Bliley Financial Services Modernization Act of 1974 (GLBA or GLB) restricts with whom businesses can share customer information and mandates that businesses take steps to safeguard customer information and inform customers of how their information will be used.
Who does the GLBA affect?
The GLBA applies to financial institutions, but that includes more than just banks and credit unions. As defined, financial institutions are entities significantly involved in financial activities, including auto dealers, loan brokers, tax preparers, insurance companies and many others.
What role does document management play in GLBA compliance?
The GLBA required certain government agencies, including the Federal Trade Commission (FTC), to establish appropriate standards for the financial institutions they oversee to protect the nonpublic personal information of their customers. To comply with this, the FTC added the Safeguards Rule: Standards for Safeguarding Customer Information, which went into effect in 2003. The rule requires that financial institutions create and implement a written information security program that explains how a business ensures the security and confidentiality of customer information, specifically by protecting against unauthorized access to customer information and foreseeable threats or hazards to customer information. GLBA violations can result in fines of up to $100,000 and/or up to 5 years in prison.
Here's where an electronic document management system (EDMS) like Scan123 can help your business comply with this federal rule. An EDMS protects your customers' information (as well as your own data) more completely than a file cabinet - even a locked cabinet - ever can. Paper documents are vulnerable to human misuse by an employee or intruder as well as natural hazards like fire and flood.
On the other hand, once your paper documents have been scanned into an EDMS, they are protected against unauthorized access. With Scan123, you can grant access only to specific employees who need to use that information. This limits your exposure to identity theft by employees and just plain snooping. Furthermore, in every stage of transfer and access your data is secured against hacking with 256-bit AES encryption, which is authorized by the federal government to protect Top Secret-level classified information.
Your customers' information is also protected against natural disasters by several safeguards. Scan123 keeps multiple backups of all your data in multiple locations so that if one copy is ever damaged, the system can roll back to another copy. In case of fire, our data facility has a state-of-the-art dry fire suppression system. Even during a power outage, your information is safe and accessible to you. Our data facility has 21 days of battery power, backup diesel generators, and guaranteed refueling contracts.
Protecting your customers' information isn't just required by law; it's also good business. Make sure an electronic document management system like Scan123 is a part of your federally mandated plan to protect your customers' information.
What else do I need to do to comply with the GLBA?
Other sections of the GLBA may require that you give your customers privacy notices explaining what information you are collecting and how it will be used and give opt-out notices before sharing customer information with nonaffiliated third parties. For more information, check out the links for further reading below.