How we help you comply: GLBA
What is the GLBA?
The Gramm-Leach-Bliley Act (GLBA) sets out mandatory requirements that financial institutions (e.g. companies offering consumer financial products and services like loans, investment advice and insurance) are required to follow in collecting, processing and sharing financial information.
The key information under the GLBA is information that it defines as ‘non-public personal information’, or NPI. Financial institutions are limited in when they can share this information and are also required to tell consumers that they can opt-out of some activity that may involve the sharing of this information.
If a company receives NPI, the GLBA may also restrict what that company itself can do with that information.
Why is it important to us?
Whilst we ourselves do not offer regulated software and services, we are mindful of our obligations to the companies and people using our services where their own products, services and activities may be caught by the requirements of the GLBA.
We can provide further information to you about how the compliance measures that we take in respect of our own software and services can help you to meet your own obligations under the GLBA. We can provide this information either under a non-disclosure agreement or through any secure portal functionality that we may provide on our website from time to time.
Why is it important to you?
If you use our software and services to process personal NPI then this activity may be subject to certain requirements set out in the GLBA. You will need to make sure that you comply with your obligations and we can help you meet these.
Software and services focussed on compliance
Our software and services are firmly focussed on ensuring regulatory compliance – not just with the GLBA, but with other privacy regulations around the globe. You can find out more information on each of these using the links above or the Products and Solutions tabs at the top of the page.
Protect your Content
Our communication and file sharing services provide security and encryption to protect your Content and help to ensure that it remains confidential and secure.
User controls and access permissions
Our software and services can provide you with tools to ensure that only those who you want to access your Content (and any NPI in it) can do so. These editable and auditable permission controls provide key regulatory compliance when sharing NPI with colleagues and third parties, and ensure that you remain in control of your Content (and any NPI in it).
Taking steps to prevent breaches before they happen
Through our Prevent tool we also provide tools that guide user behaviour to help prevent incidents before they arise.
Where you subscribe to a service that we host on your behalf, we use market leading providers to ensure that your Content (and any NPI in it) remains safe and secure.
Transparency and information
We provide a wide range of information and resources on our Legal and Compliance hubs to enable you to conduct your own risk assessments on us to ensure that you are able to meet your own obligations under the GLBA.
Some of these may be subject to controls to ensure the confidentiality of any information that we provide to you, so please bear with us if we ask you to sign up to user terms or non-disclosure obligations prior to giving you access.
Key GLBA requirements
Financial institutions are required to put in place and maintain administrative, technical and physical measures to protect NPI. With data protection at the core of our products and services, and compliance programmes, we are perfectly placed to help you to ensure the security and confidentiality of the NPI you control.
Encryption is a key aspect of our service delivery and our software and services can provide you with tools to ensure that only those who you want to access your Content (and any NPI in it) can do so. These editable and auditable permission controls provide key regulatory compliance when sharing NPI with colleagues and third parties, and ensure that you remain in control of your Content (and any NPI in it).
Through our Prevent tool we can also provide tools that guide user behaviour to help prevent incidents before they arise.
The Financial Privacy Rule
The GLBA requires financial institutions to provide consumers with a privacy notice at the time the relationship is established and annually thereafter which must explain the information collected about them; how it is shared, used and protected.
If you need to find out details about us to enable you to meet your obligations under the Financial Privacy Rule, we provide a wealth of information about us and our services here.
The Safeguards Rule
Under the GLBA, financial institutions need to develop a written information security plan which sets out the steps that it takes to protect and safeguard NPI. To help you capture how our software and services work and form part of your security measures, we provide information about how they work here, and information about the steps that we take to protect information can be found here.
We are able to provide more detailed on request. Please note that these are subject to controls to ensure the confidentiality of any information that we provide to you, so please bear with us if we ask you to sign up to user terms or non-disclosure obligations prior to giving you access.
How we respond to a disclosure request from law enforcement
From time to time, we may receive requests or orders from a governmental body (e.g. a court order, law enforcement demand or other local equivalent) relating to Content that we process on behalf of you.
If we receive one of these we will attempt to re-direct the requestor to seek disclosure directly from you (and may provide your basic contact information to enable them to do this this). If, despite our best efforts, we are compelled to disclose the Content then, provided we are allowed to do so, we will provide notice to you so that you may seek a protective order or other remedy.
You can find more information on our approach here.
You can find out more details on our compliance with the GLBA at these links:
- Master subscription agreement (view previous versions)
- Online subscription terms
- Free user subscription terms
Additional service terms
- Acceptable use policy
- Data retention policy
- End of support policy
- Third-party disclosure requests
- Customer complaint policy