Certified Banking Data Privacy Law and Regulation - Module 4.pptx
Feb 26, 2025
About This Presentation
Size: 840.08 KB
Language: en
Added: Feb 26, 2025
Slides: 23 pages
Slide Content
Data Privacy Law and Regulation Certification Dr. Kevin F. Streff Founder and Managing Partner 1
2 Testified to Congress several times on behalf of banking and cyber Author of Data Privacy textbook Conducted training and education for examiners Done cybersecurity work in almost all states in the U.S. banking system for over 20 years Published in both banking and academic magazines and journals Regular speaker at banking conferences Leading technology, cyber, and privacy educator at Dakota State University and the ASP Academy™ Dr. Kevin Streff
Dr. Streff is not an attorney and is not providing legal advice 3
Agenda 4
Module 4 Gramm-Leach-Bliley Act of 1999 – Regulation P 5
Glass-Steagall of 1933 Legislation that includes four provisions of the United States Banking Act of 1933 separating commercial and investment banking. Forced commercial banks to refrain from investment banking activities to protect depositors from potential losses through stock speculation. Glass-Steagall aimed to prevent a repeat of the 1929 stock market crash and the wave of commercial bank failures. Signed into law by President Franklin Delano Roosevelt as part of the New Deal 6
Gramm-Leach-Bliley Act of 1999 Repealed Glass-Steagall. Increased competition. Increased need for information sharing. Increased need for security and privacy. It eliminated the Glass-Steagall Act's restrictions against affiliations between commercial and investment banks in 1999, which some argue sparked the 2008 financial crisis. 7
The GLBA requires FIs to clearly communicate how sensitive financial data is protected SEC. 501. Safeguards Rule – Develop and operationalize a written information security program SEC. 502. Financial Privacy Rule - Obligations with respect to disclosures of personal information SEC. 503. Disclosure of a Privacy Policy LINK Let’s Review GLBA Together 8
Thought of security and privacy as separate and distinct. We know today that they are overlapping and dependent upon each other. Privacy: Started with consent and privacy policy. Today: Need an Information Privacy Program. Security: Started with Information Security Program GLBA 9
Provide Transparency and Control Over Personal Data Protect CIA of Non-Personal Data and Information Systems 10 Information Privacy Program Information Security Program
Commercially Reasonable Security Commercially Reasonable Privacy Provide Transparency and Control Over Personal Data Protect CIA of Non-Personal Data and Information Systems 11 Information Privacy Program Information Security Program
Title V, subtitle A of the Gramm-Leach-Bliley Act (GLBA) governs the treatment of nonpublic personal information about consumers by financial institutions. Section 502 of the subtitle, subject to certain exceptions, prohibits a financial institution from disclosing nonpublic personal information about a consumer to nonaffiliated third parties unless (1) the institution satisfies various notice and opt-out requirements and (2) the consumer has not elected to opt out of the disclosure. Section 503 requires the institution to provide notice of its privacy policies and practices to its customers. Section 504 authorizes the issuance of regulations to implement these provisions. GLBA 12
In 2000, all federal agencies published regulations implementing provisions of the GLBA governing the treatment of nonpublic personal information about consumers of financial institutions. In 2010, Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) granted rulemaking authority for most provisions of subtitle A of title V of GLBA to the Consumer Financial Protection Bureau (CFPB) with respect to financial institutions and other entities subject to the CFPB’s jurisdiction, except securities and futures-related companies and certain motor vehicle dealers. The Dodd-Frank Act also granted authority to the CFPB to examine and enforce compliance with these statutory provisions and their implementing regulations with respect to entities under CFPB jurisdiction. In December 2011, the CFPB recodified in Regulation P, 12 CFR part 1016, the implementing regulations that were previously issued. Section 502 13
Must provide notice and option to opt out. Notice of privacy policies and practices. May not disclose account numbers. Must follow redisclosure and reuse limitations. Section 502 14
Privacy Policy Collection Opt out provisions Model privacy form Dealing with Nonpublic Personal Information Section 502 15
Is any information that is not publicly available and that: a consumer provides to a financial institution to obtain a financial product or service from the institution, results from a transaction between the consumer and the institution involving a financial product or service, or a financial institution otherwise obtains about a consumer in connection with providing a financial product or service. Nonpublic Personal Information 16
Any person except a financial institution’s affiliate or a person employed jointly by a financial institution and a company that is not the institution’s affiliate. An “affiliate” of a financial institution is any company that controls, is controlled by, or is under common control with the financial institution. Nonaffiliated Third Party 17
Opt Out Rights Opt Out Exceptions (Sections 13, 14 and 15) Consumer and Customer Opt Out 18
Notice and Opt Out duties to consumers Notice and Opt Out duties to customers Financial Institution Duties 19
Clear and conspicuous Delivery rules Notice content Model privacy form Notice Requirements 20
Limitations on disclosure of account numbers Redisclosure and reuse limitations Other Matters 21
Regulation P deals with consent and privacy notices More needs to be done on the privacy side than this, but it was a place to get started 22
Dr. Kevin Streff American Security and Privacy, LLC Founder & Managing Partner www.americansecurityandprivacy.com [email protected] 605.270.4427 www.drstreff.com 23 ASP Academy ™