Question 26
What is a core requirement of the FTC's GLBA Safeguards Rule?
Correct answer: B
Explanation
The FTC’s GLBA Safeguards Rule requires each covered financial institution to "designate a qualified individual" to oversee, implement, and enforce its information security program. The rule also requires a "written information security program" that is reasonably designed to protect customer information, so appointing that individual is a core compliance duty.
Why each option is right or wrong
A. Delete all customer information after one year
B. Appoint a qualified individual to oversee a written information security program
The FTC’s Safeguards Rule under the Gramm-Leach-Bliley Act, 16 C.F.R. Part 314, requires each covered financial institution to maintain a written information security program and to designate a qualified individual to oversee, implement, and enforce it. The rule was amended to make this designation explicit in 16 C.F.R. § 314.4(a), and the program must be reasonably designed to protect customer information against unauthorized acquisition, destruction, use, modification, or disclosure.
C. Obtain separate consent for every internal use of customer data
D. Store all customer records only on systems located in the United States