Gramm-Leach-Bliley

Gramm-Leach-Bliley Privacy Training Includes:

  • Gramm-Leach-Bliley required setup of an “Information Security Plan”
  • Patriot Act
  • TSR
  • Do Not Call Law review
  • CAN-SPAM review
  • Quarterly reviews and inspection
  • Quarterly Firewall Vulnerability and Pretexting
  • Regulation “Z” and “M” review
  • Monthly document destruction shredding with “Certificates of Destruction”
  • Mandated yearly employee refresher training
  • FinCEN review
  • OFAC review
  • Third Party Provider contract review
  • New hire training every quarter or eLearning

Are you prepared for an Audit? Do you have the necessary policies and procedures in place mandated by the FTC, IRS and the Treasury Department?

Take this simple test to see if you are complying or not.

  1. Have I designated a Privacy and a Cash Reporting Compliance Officer?
  2. Have I had all employees trained in Gramm-Leach-Bliley and the Patriot Act, and have they signed the proper confidentiality, background, and security paperwork?
  3. Have I developed a written Anti-Money Laundering policy?
  4. Have I identified and written an Information Security Policy?
  5. Have I developed and written an opt-out notice relevant to my business?
  6. Have I inspected all dealership computers, including my DSP and any third-party vendor’s security, including SSL, encryption, firewalls and access to my customers’ information?
  7. Since I am ultimately responsible for my third-party providers, have I exercised due diligence with respect to their compliance, and have I changed my contracts with them to reflect this?
  8. Have I developed written procedures to inform customers if their information is lost or stolen?
  9. Does my web site have the necessary privacy statements and encryption?
  10. When was the last time we looked at past and present employees, checked passwords and updated our employee compliance?
  11. What is the current status of anti-virus software on our computers with internet access, and which release is installed?
  12. Have we identified what the FTC considers to be “Non-Public Information” and how this affects work orders, service invoices, parts invoices, and other common dealership documents?
  13. Do we have a procedure for a Blocked Transaction?
  14. Do we have in place a check-out log for NPI records?
  15. Do we have a system in place to train all new hires to comply with Gramm-Leach-Bliley and the Patriot Act? Who is going to do it? Who has time?
  16. What is our current method for destroying our customers’ NPIs and does it meet federal requirements?
  17. Have we set up indemnification provisions with current and future third-party providers? Who will have the time to chase these things?
  18. Do we have secure NPI receptacles?
  19. Are we sure we understand OFAC and its implications for our business?
  20. Do we have all of the above documented and logged in case of an audit? Who will be the responsible party for all this? And, since I know we are required to test these policies, how do we do that, and by what method?

These are just some of the policies and procedures you are responsible for.

Maybe it’s not as locked-up as you thought.