[unisog] GBLA policy examples

James Goldston jgoldston at sses.net
Wed Jul 16 19:32:59 GMT 2003


The format of a policy shouldn't matter (other than for readability,
understandability, etc.).  Content is king.

Assuming you are asking in the context of an educational facility, is the
edu considered a "financial institution?"  If not then I'm not sure the GLB
applies.  If you believe it does, please provide why if you don't mind.
There are various places where pre-approved examples of consumer notices and
opt-out examples are already provided.  You can also look at a financial
institution's web sites for examples.  Most will have them.

For the financial world, of much more importance are all the banking
regulations as a result of the GLB fallout.  E.g., require a formal written
Info Sec Prgm, Board level involvement.

James

Notes:
Subtitle A of Title V of the Gramm-Leach-Bliley Act ("GLB Act") has privacy
provisions relating to consumers' financial information...

Definition: Any institution the business of which is engaging in financial
activities as described in section 4(k) of the Bank Holding Company Act (12
U.S.C. § 1843(k)). Under the Final Rule promulgated by the Federal Trade
Commission (FTC), an institution must be significantly engaged in financial
activities to be considered a "financial institution."


> -----Original Message-----
> From: Phillip G Deneault [mailto:deneault at WPI.EDU]
> Sent: Wednesday, July 16, 2003 1:39 PM
> To: unisog at sans.org
> Subject: [unisog] GBLA policy examples
>
>
> Does anyone have any good examples for policies that fulfill the
> Gramm-Leach-Bliley Act?  I understand what I need to put in but not the
> format.
>
> We've missed the deadline to have submitted our policies and now it's on my
> desk.  Woo.
>
> Thanks
> Phil
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Phil Deneault     "We work in the dark, We do what we can,
> deneault at wpi.edu   We give what we have. Our doubt is our passion,
> WPI NetOps         and our passion is our task. The rest is the
> InfoSec            madness of art." - Henry James
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>


