The definition of “financial institution” is quite broad and includes businesses that are significantly engaged in providing financial products or services, such as check-cashing businesses, mortgage or nonbank lenders, loan brokers, financial and investment advisors, real estate service providers, insurance, debt collectors, and businesses providing retail financing to consumers. A Minnesota business can also be covered under these laws if it collects and maintains financial information for companies that fall directly under these laws. Service providers to financial institutions are subject to examination by the regulators and will generally be expected to contractually agree to comply with the GLBA requirements.

Amendments to the Safeguards Rule of the Gramm-Leach-Bliley Act, which became effective October 27, 2022, expanded the definition of financial institutions covered by the law and imposed new burdensome requirements related to data security. Motor vehicle dealers and colleges are just two examples of non-banking financial institutions that now fit the expanded definition of so-called “finders” and are required to implement and maintain a comprehensive data security system that protects customer information. In general, the amendments impose more specific requirements on the covered business or organization, such as encryption, employee training, secure development practices, multi-factor authentication, information disposal procedures, vendor management, reporting to boards of directors, and assigning a person to implement and manage the data security program.

Purpose. The purpose of the GLBA is to restrict the sharing of customers’ financial information by requiring financial institutions to give customers notice of their privacy practices, providing consumers a right to opt out of certain types of sharing, and requiring financial institutions to implement appropriate safeguards to protect their customers’ “nonpublic personal information.”