What Does It Cover?
GLB retention guidelines are part of the Gramm-Leach-Bliley Act, which regulates how businesses in the financial industry secure and handle consumer information. Businesses that fall under the act include any company offering financial services or products such as investment advice, banking, loans, or insurance. How long businesses must retain financial records isn’t specifically addressed in the GLB law. GLB focuses on safeguarding consumer privacy via documents and data that’s financially related.
GLB Privacy Requirements
The Gramm-Leach-Bliley Act requires all applicable businesses to come up with compliant privacy requirements and comply with data security rules. Businesses must also notify consumers of privacy guidelines every year. Notification must be completed when the business plans to disclose personal information to a third party. The act also requires businesses to create a mechanism by which individuals can opt out of disclosures. Disclosure of certain information, including account numbers, is forbidden under the GLB Act.
GLB Retention Guidelines
It’s not enough to let individuals know about your privacy and security policies. Businesses and employees in the financial sector must actively protect data against hackers, fraudsters, and inadvertent disclosure. A first step is anti-fraud training for staff members. Training should be backed up with solid policies regarding document and information storage and destruction. GLB retention guidelines require data in a business’s possession to be handled in a manner that doesn’t risk consumer data, and that extends to a time when documents are no longer needed. An All Shred Policy can keep things simple.
Shredding for GLB Compliance
GLB compliance is a multi-faceted process, which should include:
- Create policies that cover data security from creation to destruction.
- Incorporate secure shred bins in your office to keep confidential information safe between the decision to purge and the actual destruction.
- Work with a professional document destruction vendor. For example, Sergeant Shredder specializes in shredding and recycling sensitive documents.
- If, at anytime during the maintenance, use, or destruction of documents, information is disclosed outside of approved channels, notify consumers immediately.
How do you comply with GLB retention guidelines?