Gramm-Leach-Bliy Act (FCA): A Case Study
Issue: The issue covering this memo is whether Fast Funds, the company, is considered a covered entity under Fair Credit Reporting Act (FCRA) or not, if so under what scenarios is the company considered covered entity, and what steps the company should take to protect the personally identifiable information (PII) of the consumers.
Rules: Fair Credit Reporting Act (FCRA) relates to protection of consumer credit information by credit reporting agencies (CRA) and other businesses that handle credit information. FCRA outlines significant responsibilities for CRAs and other covered business entities. A company becomes a covered entity under FCRA when it “procures and uses information when granting credit, furnishes and transmits information by reporting information to CRA or other third parties, or markets credit or insurance product.”[1] FCRA also mentions that, “Given the preponderance of electronically available information and the growth of identity theft, financial institutions should manage the risks associated with obtaining and using consumer reports.” [1]
Gramm-Leach-Bliley Act (GLBA) was introduced in 1999 to protect consumer privacy when data is shared …show more content…
The company is obligated to assess the risks associated with obtaining consumer reports and manage the data to the best of its abilities. Consumer credit reports consist of personally identifiable information (PII). PII for the company includes social security number, name, date of birth, address, driver license number, etc. The company should have adequate cybersecurity infrastructure to deal with the data storage and transmission of the data through the app. As required by FTC in the Safeguards Rule, the company should develop a written information security program outlining what the information security plan of the company is and how we handle sensitive consumer data like social security, other PII and financial
Rules: Fair Credit Reporting Act (FCRA) relates to protection of consumer credit information by credit reporting agencies (CRA) and other businesses that handle credit information. FCRA outlines significant responsibilities for CRAs and other covered business entities. A company becomes a covered entity under FCRA when it “procures and uses information when granting credit, furnishes and transmits information by reporting information to CRA or other third parties, or markets credit or insurance product.”[1] FCRA also mentions that, “Given the preponderance of electronically available information and the growth of identity theft, financial institutions should manage the risks associated with obtaining and using consumer reports.” [1]
Gramm-Leach-Bliley Act (GLBA) was introduced in 1999 to protect consumer privacy when data is shared …show more content…
The company is obligated to assess the risks associated with obtaining consumer reports and manage the data to the best of its abilities. Consumer credit reports consist of personally identifiable information (PII). PII for the company includes social security number, name, date of birth, address, driver license number, etc. The company should have adequate cybersecurity infrastructure to deal with the data storage and transmission of the data through the app. As required by FTC in the Safeguards Rule, the company should develop a written information security program outlining what the information security plan of the company is and how we handle sensitive consumer data like social security, other PII and financial