{% set baseFontFamily = "Lato" %} /* Add the font family you wish to use. You may need to import it above. */

{% set headerFontFamily = "Lato" %} /* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

{% set textColor = "#565656" %} /* This sets the universal color of dark text on the site */

{% set pageCenter = "1100px" %} /* This sets the width of the website */

{% set headerType = "fixed" %} /* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

{% set lightGreyColor = "#f7f7f7" %} /* This affects all grey background sections */

{% set baseFontWeight = "normal" %} /* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set headerFontWeight = "normal" %} /* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set buttonRadius = '10px' %} /* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

The Ascension Case: A Good Example of GLBA Violations

by InnReg

On January 6, 2021, it was announced that Ascension Data and Analytics, LLC ("Ascension") settled a lawsuit with the Federal Trade Clinician ("FTC") which claimed that they breached the Gramm-Leach-Bliley Act ("GLBA") Safeguard Rules by failing to properly assure that the security provisions of their third-party service provider to ensure if properly protected consumers identifying financial information. This case serves as a warning to all companies using third party vendors.

 

The Gramm-Leach-Bliley Act

The GLBA governs a wide range of financial institutions including lenders, banks, financial advisors, and others. Under the GLBA, covered entities must implement and maintain a comprehensive written information security policy in accordance with the size, scope, complexity and nature of personal data collected. So the more sensitive the personal data the more rigorous the policy must be.

If a company covered by GLBA chooses to work with a document processing center , it must ensure that the third-party vendor is also compliant.


The Safeguard Rule Violations

The FTC's complaint against Ascension alleges that Ascension hired a document processing center to process tens of thousands of mortgage documents for approximately 60,000 customers. These mortgage documents included identifying financial information such as Social Security numbers, driver's license numbers, names, loan information, and bank account information.

The complaint alleges that Ascension did not properly review the document processing center's security provisions and as a result, the sensitive information was accessible to unauthorized users for approximately one year. This exposure was a violation of the GBLA’s Safeguard Rules which provide that financial institutions must provide the private financial data they collect.

The settlement that Ascension has reached with the FTC requires Ascension to implement and maintain a comprehensive data security program overseen by designated employees, provide an annual certification from an executive officer attesting compliance with the FTC order, and undergo a security audit every two years.

 

This analysis was written by subject-matter experts with decades of experience, not freelance copywriters, SEO agencies, or AI-based tools. We are global regulatory compliance experts.


Three Steps to Avoid Safeguard Rule Violations

In order to avoid these pitfalls your business should:

  1. Ensure you have written security protocols
  2. Regularly review and update said protocols, and
  3. Ensure that third-parties you may work with are also compliant with GLBA.

The Author

InnReg is a team of over 30 Regulatory Compliance and Innovation Consulting experts helping fintechs succeed in highly regulated markets since 2013. InnReg specializes on mitigating regulatory risk while helping clients launch and grow innovative fintech products and services.

Topics: Compliance Issues, Legal and Compliance


Stay on Top of Changing Fintech Compliance & Innovation Strategies