The publication, entitled "Financial Institutions and Customer
Data: Complying with the Safeguards Rule," emphasises that strong
information security practices are not only required by law, but
also make good business sense. According to the guidelines,
institutions that demonstrate a high level of protection against
identity theft and fraud "will garner consumer confidence."
The guidelines also advise companies to consider all areas of
their operation when implementing the Rule, including employee
training and information systems. It is also suggested that
companies should check the references of employees that could have
access to customer information, and ask these employees to sign
confidentiality agreements.
The Safeguards Rule applies to businesses in the US, regardless
of size, that are "significantly engaged" in providing financial
products or services to consumers, including non-bank lenders,
mortgage brokers, credit agencies, tax professionals and courier
services.
Such institutions are obliged to submit a written information
security plan that describes the specific ways their employees
should protect consumer information. They are also responsible to
ensure that their affiliates and service providers safeguard
customer information in their care.
The FTC publication is available at:
www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.htm
The Safeguard Rule is available at:
www.ftc.gov/privacy/glbact/
Additional FTC guidance on information security can be found
at:
www.ftc.gov/bcp/conline/edcams/infosecurity
