Gramm Leach Bliley (GLB) ACT Information Security
Information Security Policy -Privacy Statement Copyright Statement Computer, Internet, and Electronic Communications Policy
This Information Security Plan (“Plan”) describes The Rate Outlet Funding’s safeguards to protect information and data in compliance (“Protected Information”) with the Financial Services Modernization Act of 1999, also known as the Gramm Leach Bliley Act, 15 U.S.C. Section 6801. These safeguards are provided to: Protect the security and confidentiality of Protected Information; Protect against anticipated threats or hazards to the security or integrity of such information, and Protect against unauthorized access to or use of Protected Information that could result in substantial harm or inconvenience to any customer. This Information Security Plan also provides for mechanisms to Identify and assess the risks that may threaten Protected Information maintained by The Rate Outlet Funding; Design and implement a safeguards program; Adjust the plan to reflect changes in technology, the sensitivity of Protected Information, and internal or external threats to information security.
Identification and Assessment of Risks to Customer Information
The Rate Outlet Funding recognizes that it has both internal and external risks. These risks include, but are not limited to:
- Unauthorized access to Protected Information by someone other than the owner of the covered data and information
- Compromised system security as a result of system access by an unauthorized person
- Unauthorized access to covered data and information by employees
- Interception of data during transmission
- Unauthorized requests for covered data and information
- Physical loss of data in a disaster
- Unauthorized access to hardcopy files or reports
- Corruption of data or systems
- Loss of data integrity
- Errors introduced into the system
- Unauthorized transfer of covered data and information through third parties
We (The Rate Outlet Funding) recognize that this may not be a complete list of the risks associated with the protection of Protected Information. The Rate Outlet Funding believes current safeguards are reasonable and, in light of current risk assessments are sufficient to provide security and confidentiality to Protected Information.
Design and Implementation of Safeguards Program
Employee Management and Training
In accordance with The Rate Outlet Funding policies, standards, and guidelines, reference checking and background reviews will be conducted when deemed appropriate. During employee orientation, each new employee in departments that handle Protected Information will receive proper training on the importance of confidentiality of Protected Information. Each new employee will also be trained in the proper use of computer information and passwords. Further, each department responsible for maintaining Protected Information will provide on-going updates to its staff. These training efforts should help minimize risk and safeguard covered data and information security.
The Rate Outlet Funding has addressed the physical security of Protected Information by limiting access to only those employees who have a business reason to know such information and requiring signed acknowledgment of the requirement to keep Protected Information private. Existing policies establish a procedure for the prompt reporting of the loss or theft of Protected Information. Offices and storage facilities that maintain Protected Information limit customer access and are appropriately secured. Paper documents that contain Protected Information are shredded at time of disposal. Any third party services used that would have access to Protected Information have written agreements to ensure confidentiality. Continual oversight will be maintained on all third party service providers who would have access to Protected Information.
Information systems include network and software design, as well as information processing, storage, transmission, retrieval, and disposal. The Rate Outlet Funding has policies, standards, and guidelines governing the use of electronic resources and firewall and wireless policies. We “The Rate Outlet Funding” will take reasonable and appropriate steps consistent with current technological developments to make sure that all Protected Information is secure and to safeguard the integrity of records in storage and transmission. The Rate Outlet Funding will develop a plan to protect all electronic Protected Information by encrypting it for transit.
Management of System Failures
The Rate Outlet Funding will maintain effective systems to prevent, detect, and respond to attacks, intrusions and other system failures. Such systems may include maintaining and implementing current anti-virus software; checking with software vendors and others to regularly obtain and install patches to correct software vulnerabilities; maintaining appropriate filtering or firewall technologies; alerting those with access to covered data of threats to security; imaging documents and shredding paper copies; backing up data regularly and storing backup information off-site, as well as other reasonable measures to protect the integrity and safety of information systems.
Continuing Evaluation and Adjustment
This Information Security Plan will be subject to periodic review and adjustment, especially when due to the constantly changing technology and evolving risks. The Rate Outlet Funding will review the standards set forth in this policy and recommend updates and revisions as necessary. It may be necessary to adjust the plan to reflect changes in technology, the sensitivity of customer data and internal or external threats to information security.
Data Breach Response Plan
The Rate Outlet Funding acknowledges that this Information Security Plan has been developed and will be monitored and maintained consistently. In the event there is a breach of Protected Information from an internal or external source The Rate Outlet Funding will promptly notify all affected customers of the said breach. All customers affected will be provided a mailed notification letter informing them of the potential breach of their Protected Information. The letter shall contain:
- Notification of the potential loss of Protected Information
- A toll-free number to contact The Rate Outlet Funding for information and assistance
- Instructions to place Fraud Alerts with the credit repositories and the offer of assistance in this matter
- Free credit monitoring for the customer provided by The Rate Outlet Funding for a period of no less than one year