
GLBA in the News

The federal government is beginning to police the new GLBA laws.

As of May 23, 2003, colleges and universities must be in compliance with provisions of the GLB Act that relate to the Safeguards Rule. Colleges and universities that already comply with the Family Educational Rights and Privacy Act (FERPA) will be deemed to be in compliance with FTC privacy rules under the GLB Act.

ELI LILLY TO PAY STATES FOR PRIVACY VIOLATION
Eli Lilly has now finalized the terms of payment under its settlement with eight states' attorneys general for its violation of consumer privacy last summer. The pharmaceutical company had operated a Medi-Messenger service through its Web site that allowed customers to sign up for an automated reminder to take their Prozac prescription. When the company announced the end of this service on June 27, 2001, it accidentally released the e-mail addresses of all 669 subscribers. Earlier this year, Eli Lilly reached a settlement with the Federal Trade Commission that obligated the company to investigate privacy risks and perform annual privacy reviews. Now, Eli Lilly has also reached a settlement with the attorneys general for the eight states in which the subscribers resided. The company has agreed to pay a total of $160,000 to the states and also promised to adhere to enhanced privacy safeguards. None of this money will go to the individuals whose e-mail addresses were released, because the states do not know their names and do not wish to make them public again.

News release:
www.usatoday.com/tech/news/internet privacy/2002-07-26-drugmaker-email_x.htm

U.S. APPEAL COURT UPHOLDS PRIVACY PROTECTION FOR PERSONAL FINANCIAL INFORMATION
In Trans Union LLC v. Federal Trade Commission, the U.S. Circuit Court of Appeals for the District of Columbia confirmed that the federal Gramm-Leach-Bliley Act (GLBA) applies to credit reporting agencies and does not infringe the First Amendment right to free speech. Trans Union had argued that FTC regulations made pursuant to the GLBA unlawfully restricted its ability to disclose and reuse certain consumer information as a credit reporting agency. The Court held that credit reporting agencies are “financial institutions” within the meaning of the GLBA and that the definition of “personally identifiable financial information” is not overbroad. The Court also found that FTC regulations restricting the reuse of personal financial information, including the use of consumer account numbers for marketing purposes, were consistent with the GLBA. The issue of whether the FTC could prevent the disclosure of aggregated data was considered “not yet fit” for judicial review, which leaves the potential GLBA implications of disclosing such information unresolved.

Decision of the U.S. Circuit Court of Appeal:
http://laws.findlaw.com/dc/015202a.html

U.S. DISTRICT COURT RULES FEDERAL PRIVACY LEGISLATION TRUMPS STATE COURT'S ORDER FOR DISCLOSURE
The U.S. Federal District Court for the Eastern District of Louisiana has ruled that federal consumer protection legislation can override a state court's order to produce documents containing private financial information about a business's customers. In a Louisiana State Court action, the plaintiff obtained a subpoena ordering the production of records that included details of customer mortgage accounts held by the defendant, Union Planters Bank, and other personal financial information. After failing to have the subpoena overturned at the state court level as a violation of Louisiana privacy law, the Bank petitioned the Federal District Court for an injunction to enjoin the third-party holder of the information from disclosing it. The Bank argued that the subpoena violated the Gramm-Leach-Bliley Act (GLB), which prohibits the disclosure of non-public information to third parties unless the consumer is first given the opportunity to direct that such information not be disclosed. The District Court granted a preliminary injunction, holding not only that a failure to grant the injunction would result in irreparable harm to the Bank's reputation, but also that a failure to prevent such disclosure was contrary to the public interest in enforcing the federal statute. The decision was upheld when the plaintiff brought a motion for reconsideration.

Federal Court's initial decision:
Union Planters Bank, N.A. v. Gavel, 2002 U.S. Dist. LEXIS 8782

Federal Court's decision on the Motion for Reconsideration:
Union Planters Bank, N.A. v. Gavel, 2002 U.S. Dist. LEXIS 11969

In November 1997, Charter Pacific Bank of Agoura Hills, California sold millions of credit card numbers to an adult website company, which then proceeded to bill customers for access to Internet porn sites and other services they did not request. Some of the customers billed did not even own a computer. The website company had set up numerous merchant accounts under different names to avoid detection. In September 2000, the FTC announced that it had won a $37.5 million judgment against the website company. While the bank maintained that it did not do anything wrong, it has since stopped selling credit card numbers to merchants.

In 1998, Nations Bank (later merged with Bank of America) was fined millions for securities law violations because it shared customer information with its affiliate subsidiary Nations Securities. The subsidiary then convinced low-risk customers to buy high-risk investments. Many Nations Bank customers lost large amounts, and many senior citizens lost large amounts of their life savings.

In June 1999, the Minnesota Attorney General initiated a lawsuit against U.S. Bancorp for sharing customer information with third-party marketers, in violation of its own policies and without customer knowledge or authorization. The telemarketers then illicitly charged those customers. U.S. Bancorp eventually settled that case, along with those brought by 39 other state attorneys general. In April 2000, Minnesota settled with Memberworks, the third-party telemarketer that U.S. Bancorp used. According to Memberworks' SEC filings, 19 out of the 25 largest banks in the US had contracts with it. Other prominent banks, including Chase Manhattan and Citibank, have been involved in schemes where personal account information is sold to telemarketers.

November 2003 NIADA statement to dealerships: GLBA requires the disclosure of a privacy policy regarding non-public consumer information. All Buy-Here/Pay-Here dealers must notify all customers that are still making payments to the dealers.

For almost every dealer, compliance is simple but mandatory. If you are involved in arranging credit, have the customer review and sign the GLB - Customer Privacy Choice document.

FTC Begins Investigating Dealerships for Compliance with Privacy Laws. The wait is over for those dealers who have been taking a “wait and see” approach to whether the FTC will take action to enforce its Privacy and Safeguards Rules. We recently reviewed a copy of one of the formal investigative requests served on a dealership, and it asked for evidence that the dealership was in compliance with the Rules, including:

  • A description of the dealership's corporate structure
  • A description of the type of information collected from or about customers and a sample copy of each form used to collect the information
  • A copy of the written information security program and the time period during which it was written and implemented
  • A description of the security risks that were identified in developing the plan and how the final plan does or does not address each of the risks
  • The name and title of each employee responsible for coordinating the safeguards plan
  • The name of each service provider together with information regarding the types of customer information they have access to, the manner and form of access, the reasons for access, a copy of the contract requiring them to implement and maintain security safeguards, and an explanation of how the dealership confirms that they have implemented and maintain such safeguards

As a reminder, the penalty for noncompliance is $11,000 per day, retroactive back to May 23, 2003. To put this into perspective, as of the release of this LLR Update, the fine would be in excess of 1.9 million dollars. If you have any questions regarding the FTC's Privacy and Safeguards Rules or the steps your Dealership needs to take to be in compliance, contact NIADA or your Affiliated State Association.

FTC, OTHERS PURSUE CREDIT COUNSELING AGENCY UNDER GLBA
The U.S. Federal Trade Commission (FTC) has filed legal action against AmeriDebt, Inc. (and agreed to settle charges against an AmeriDebt vendor, Ballenger Group LLC) arising from AmeriDebt's failure to meet the privacy-related requirements of the Gramm-Leach-Bliley Act and the FTC's Privacy of Consumer Financial Information Rule. Reportedly, the attorneys general of Texas and Minnesota soon are expected to file separate lawsuits related to AmeriDebt's activities; the attorneys general of Illinois and Missouri filed suits earlier this year. (November 24, 2003)

Gateway Learning Fined:
http://www.ftc.gov/opa/2004/07/gateway.htm

Tower Records Fined:
http://www.ftc.gov/opa/2004/04/towerrecords.htm

 




 


CIOs and IT leaders who need assistance with creating a proactive strategy to comply with the GLB Act. Those who are considered "financial institutions" must be compliant. This includes:

  • Loan & Credit
  • Collection Agencies
  • Real Estate
  • Appraising
  • Check Guarantee
  • Leasing/Rentals
  • Travel Agencies
  • Tax Planning/Filings
  • Auto Dealers
  • Government Branches

Free Webinar

Register now for our next FREE IT Executive Webinar

"UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT WITH THE GLBA"



FTC Consumer Complaint Form

IMPORTANT:
* If you want to file a complaint about a violation of the National Do Not Call Registry or register your telephone number on the Registry, please go to www.donotcall.gov

* If you want to file a report about Identity Theft, please use our Identity Theft Complaint Form.

* If you want to file a complaint about an online transaction that involves a foreign company, please use our econsumer.gov complaint form.

Copyright (c) 2004 a Land Integrated Services, All Rights Reserved.

  Our operators are available to assist you with the Business Compliance Assistant by calling (912) 695-4495, M-F, 8AM to 5PM EST
