Preventing Identity Theft and Achieving Compliance with GLBA & FACTA

The protection of any personal consumer information stored in a financial company’s information system is regulated in the US by two key laws: GLBS (the Gramm-Leach-Bliley Act of 1999) and FACTA (the Fair and Accurate Transactions Act of 2003). Both of these laws were drawn up in an effort to protect consumer financial information against leakage and abuse, and in order to prevent identity theft and other types of fraudulent behavior.

Under GLBA and FACTA, US supervisory bodies have prepared a number of special standards known as the Interagency Guidelines Establishing Information Security Standards ("Security Guidelines"). These standards clarify and provide the details for the requirements set out in GLBA and FACTA in terms of protecting sensitive client data. According to the Security Guidelines, financial organizations must undertake administrative, technical and physical security measures in order to guarantee the security, confidentiality, integrity and proper destruction of consumer information. The Security Guidelines came into force on 1 July 2005.

This white paper reviews the requirements of GLBA and FACTA (Security Guidelines), which impact a company's information infrastructure and the security means used therein. Also, it addresses the features of DeviceLock, a product by DeviceLock, Inc., which can help organizations achieve compliance with GLBA and FACTA much more effectively.