Safeguarding Customer Information Gramm-Leach-Bliley Act Compliance - PowerPoint PPT Presentation

1 / 44
About This Presentation
Title:

Safeguarding Customer Information Gramm-Leach-Bliley Act Compliance

Description:

Safeguarding Customer Information Gramm-Leach-Bliley Act Compliance Ellen Harris-Small Terry Wooding Why was GLBA enacted? Section 501 of the Gramm-Leach-Bliley Act ... – PowerPoint PPT presentation

Number of Views:589
Avg rating:3.0/5.0
Slides: 45
Provided by: pc7568
Category:

less

Transcript and Presenter's Notes

Title: Safeguarding Customer Information Gramm-Leach-Bliley Act Compliance


1
Safeguarding Customer InformationGramm-Leach-Blil
ey Act Compliance
  • Ellen Harris-Small
  • Terry Wooding

2
Why was GLBA enacted?
  • Section 501 of the Gramm-Leach-Bliley Act
    requires Financial Institutions to establish
    standards relating to administrative, technical
    and physical information safeguards to protect
    customer records and information.

3
Safeguard Objectives
  • Ensure security and confidentially of customer
    records and information.
  • Protect against any anticipated threats or
    hazards to the security of the records.
  • Protect against unauthorized access or use of
    records or information which could result in harm
    or inconvenience to customer.

4
Information Security Plan
  • Written to insure security and confidentiality of
    non-public customer financial information (NPI).
  • Protect against any anticipated threats and
    hazards.
  • Protect against unauthorized access or use.

5
Non-public customer information(NPI)
  • Credit card numbers
  • Social Security numbers
  • Drivers license numbers
  • Student loan data
  • Income information
  • Credit histories
  • Customer files with NPI
  • NPI Consumer information
  • Bank Account data

6
Financial Institutions
  • Including Colleges and Universities must ensure
    that their security programs provide adequate
    protection to customer information
  • in whatever format
  • electronic or hardcopy.

7
FTC Ruling
  • consumers information is not a privacy issue but
    is one of security.

Compliance with FERPA does not exempt colleges
and universities from GLBA safeguarding
regulations.
8
FERPA vs.. GLBA
  • The Family Education Rights and Privacy Act
    addresses the privacy of student information.
  • Gramm- Leach-Bliley Act addresses the security of
    customer records and information.

9
Rutgers University
  • Has established a committee to insure compliance.
  • Committee meets regularly to review and insure
    compliance with the act.
  • Performs risk assessment and regular testing.
  • Oversees service providers and contracts.
  • Trains staff to maintain security and
    confidentially.

10
Why Protect your Identity?
Identity Theft
11
Statistics on Identity Theft in New Jersey
  • 4802 Complaints / year
  • 1. Credit Card Fraud 2,350 -- 49
  • 2. Phone or Utilities Fraud 867--18
  • 3. Bank Fraud 669 --14
  • 4. Government Documents/Benefits Fraud 396 --8
  • 5. Loan Fraud 356 --7
  • 6. Employment-Related Fraud 260 -- 5
  • 7. Attempted Identity Theft 477 --10
  • 8. Other 710 -- 15

12
What is Identity Theft?
  • Under ID Theft Act, identity theft is defined
    very broadly as
  • knowingly using, without authority, a means of
    identification of another person to commit any
    unlawful activity.
  • (unlawful activity a violation of Federal law,
    or a felony under State or local law).

13
Identity Theft
  • When someone steals your identity, they are
    usually using your credit to obtain goods and
    services for themselves that you will have to
    pay for.

14
How Does an Identity Thief Get Your Information?
  • Stealing files from places where you work, go to
    school, shop, get medical services, bank, etc.
  • Stealing your wallet or purse.
  • Stealing information from your home or car.
  • Stealing from your mailbox or from mail in
    transit.
  • Sending a bogus email or calling with a false
    promise or fraudulent purpose.
  • - For example pretending to be from a bank,
  • creating a false website, pretending
    to be
  • a real company, fake auditing letters.

15
From PNC Bank Sent May 17, 2004 631 PM To
abuse_at_rutgers.edu Subject To All PNC bank
users Dear PNC user, During our regular update
and verification of the user data, you must
confirm your credit card details. Please confirm
you information by clicking link below.
http//Cards.bank.com pncfeatures/cardmember
access.shtml
?
16
How Does an Identity Thief Use Your Information?
  • Obtains Credit Cards in your name or
  • makes charges on your existing accounts (42).
  • Obtains Wireless or telephone equipment or
    services in your name (20).
  • Forges checks, makes unauthorized EFTs, or open
    bank accounts in your name (13).
  • Works in your name (9).
  • Obtains personal, student, car and mortgage
    loans, or cashes convenience checks in your name
    (7).
  • Other uses obtains drivers license in your name.

17
Victims of Identity Theft
  • If your identity is stolen, do the following
    immediately
  • Contact the fraud department of the three major
    credit bureaus (Equifax, Experian, Trans Union).
  • Contact your creditors and check your accounts.
  • File a police report.
  • - File a complaint with the FTC.

18
Recovery
  • Take back control of your identity
  • Close any fraudulent accounts.
  • Put passwords on your accounts.
  • Change old passwords and create new PIN codes.

19
Prevention
  • Protect yourself
  • Protect others
  • Guard against fraud
  • Sign cards as soon as they arrive.
  • Keep records of account numbers and phone
    numbers.
  • Keep an eye on your card during transactions.
    Also be aware of who is around you, is anyone
    else listening?
  • Check your credit report and credit card monthly
    statements.

20
Annual credit bureau report
  • New Jersey residents are entitled to one free
    annual credit report.
  • If you are denied credit, you are allowed to
    request one free copy of your credit report.
  • Check your report for accurate information,
    open accounts, balance information, loan
    information, etc.

21
Credit Bureau Links
  • Equifax www.equifax.com
  • To order a report, 1-800-685-1111
  • To report fraud, 1-800-525-6285
  • Experian www.experian.com
  • To order a report, 1-888-397-3742
  • To report fraud, 1-888-397-3742
  • Trans Union www.tuc.com
  • To order a report, 1-800-916-8800
  • To report fraud, 1-800-680-7289

22
Have you been a Victim?
23
You may be a victim if
  • You are denied credit.
  • You stop getting mail.
  • You start getting collection calls/mail.
  • You start getting new bills for accounts you do
    not have or services you did not authorize.
  • Your bank account balances drops.

24
Damages
  • Time
  • Money
  • Credit rating
  • Reputation

25
Good Practices
  • Photocopy the contents of your wallet/purse.
  • Photocopy your passport (keep a copy at home and
    one with you when you travel).
  • Empty your wallet/purse of non-essential
    identifiers.
  • Do not use any information provided by the people
    who may be trying to scam you look it up
    yourself.
  • Shred documents before you depose of them.

26
GLBA requires us to PROTECT CONSUMERS from
substantial harm or inconvenience.
27
What can we do to guard NPI?
  • Keep confidential information private.
  • Use care when asking or giving SSN.
  • Use secure disposal methods.
  • Protect the privacy of data transmissions.
  • Improve procedures.

28
Actions to prevent Others from becoming Victims
  • Determine what information you need.
  • Provide a secure workplace.
  • Always ask for a students ID or debtors account
    number.
  • Keep prying eyes away from customers
    information.
  • Dont expose NPI information to the outside world.

29
Actions to prevent Others from becoming Victims
  • Take care when you provide employees or
    customers personal information to others.
  • Know explain how you handle personal
    information.
  • Ask for written permission prior to sharing
    personal information.
  • Report problems or concerns to managers or
    supervisors.

30

Remember to always maintain confidentiality,
security and integrity
  • Avoid
  • unauthorized disclosure
  • removing information from your office
  • sharing information
  • tossing information in the trash
  • down loading or e-mailing information.

31
General Privacy
  • Do not provide correcting information for account
    verification questions.
  • Be suspicious.
  • Be paranoid.
  • Dont be afraid to say no when asked for
    information that is not required to conduct the
    current business transaction.

32
What are university assets?
33
Rutgers University Assets
  • Are customer
  • information and records assets?

34
Safeguarding Information
  • Information takes many forms.
  • Information is stored in various ways.
  • Data assets have unique risks.

35
Safeguarding Information
  • Your Role
  • Ensure Physical Security.
  • Select and Protect hard to guess passwords.
  • Avoid email traps and disclosures.
  • Back up files.
  • Log off your computer when not in use.
  • Do not open emails with attachments from unknown
    sources.
  • Obliterate data before giving up your computer.
  • Recognize social engineering tactics.

36
Safeguarding Information
  • Your role as a user.
  • What else can you do?

37
Check your work area!
  • Do you leave NPI reports on your desk?
  • Is NPI stored in unlocked file cabinets?
  • Keep computer disks secure.
  • Do not save NPI on your computer C drive.

38
Safeguarding Information
  • Your role.
  • The University has many policies and procedures
    to help you, learn them.

39
University Regulations Guidelines related to
Safeguarding
  • Standards for University Operations Handbook
  • Confidentiality
  • Accounting for Financial Resources
  • Acceptable Use of Network Computing Resources
  • Agreement for Accessing Information
  • Acceptable Use Policy
  • Guidelines for Interpretation of Acceptable Use
  • Acceptable Use Supplement
  • Basics

40
Potential Damages to Rutgers
  • Reputation
  • Violation of federal and state laws
  • Fines
  • Reparation costs
  • Recovery costs
  • Increased prevention costs
  • Georgia Tech accidental release of credit card to
    the internet cost them over 1,000,000.

41
Managements Expectations
  • Rutgers places a high level of trust in you, its
    faculty and staff, and requires that University
    assets under your control be protected and
    properly safeguarded from loss and misuse.
  • Joanne G. Jackson
  • Senior V.P.
  • October 24, 2001

42
Expectations
  • All RU employees are responsible for securing and
    caring for University property, resources and
    other assets.
  • RU relies on the attention and cooperation of
    every member of the community to prevent, detect
    and report the misuse of university assets.

43
Prevention
  • Protect yourself
  • Protect others

44
Safeguarding customer information and university
assets is everyones job!
Write a Comment
User Comments (0)
About PowerShow.com