{% set baseFontFamily = "Lato" %} /* Add the font family you wish to use. You may need to import it above. */

{% set headerFontFamily = "Lato" %} /* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

{% set textColor = "#565656" %} /* This sets the universal color of dark text on the site */

{% set pageCenter = "1100px" %} /* This sets the width of the website */

{% set headerType = "fixed" %} /* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

{% set lightGreyColor = "#f7f7f7" %} /* This affects all grey background sections */

{% set baseFontWeight = "normal" %} /* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set headerFontWeight = "normal" %} /* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set buttonRadius = '10px' %} /* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

by InnReg

The Ascension Case: A Good Example of GBLA Violations

Categories: Compliance Issues


On January 6, 2021, it was announced that Ascension Data and Analytics, LLC ("Ascension") settled a lawsuit with the Federal Trade Clinician ("FTC") which claimed that they breached the Gramm-Leach-Bliley Act ("GLBA") Safeguard Rules by failing to properly assure that the security provisions of their third-party service provider to ensure if properly protected consumers identifying financial information. This case serves as a warning to all companies using third party vendors.


The Gramm-Leach-Bliley Act

The GLBA governs a wide range of financial institutions including lenders, banks, financial advisors, and others. Under the GLBA, covered entities must implement and maintain a comprehensive written information security policy in accordance with the size, scope, complexity and nature of personal data collected. So the more sensitive the personal data the more rigorous the policy must be.

If a company covered by GLBA chooses to work with a document processing center , it must ensure that the third-party vendor is also compliant.


The Safeguard Rule Violations

The FTC's complaint against Ascension alleges that Ascension hired a document processing center to process tens of thousands of mortgage documents for approximately 60,000 customers. These mortgage documents included identifying financial information such as Social Security numbers, driver's license numbers, names, loan information, and bank account information.

The complaint alleges that Ascension did not properly review the document processing center's security provisions and as a result, the sensitive information was accessible to unauthorized users for approximately one year. This exposure was a violation of the GBLA’s Safeguard Rules which provide that financial institutions must provide the private financial data they collect.

The settlement that Ascension has reached with the FTC requires Ascension to implement and maintain a comprehensive data security program overseen by designated employees, provide an annual certification from an executive officer attesting compliance with the FTC order, and undergo a security audit every two years.


Three Steps to Avoid Safeguard Rule Violations

In order to avoid these pitfalls your business should:

  1. Ensure you have written security protocols
  2. Regularly review and update said protocols, and
  3. Ensure that third-parties you may work with are also compliant with GLBA.