According to the Gramm Leach Bliley Act (GLBA) of 1999, all financial institutions and those in lending stream should follow certain rules that help protect customer’s sensitive data. At the same time, they should maintain transparency while sharing information with other institutions and should evaluate their data security & protection practices from time to time to avoid any cyber incidents such as data breach and malware attacks.
Interestingly, the law also applies to all third parties and affiliates linked to the financial institutions that is covered under the GLBA Compliance.
Therefore, all businesses such as payday lending institutions, professional tax service firms, mortgage loan offering institutes, banks, and others dealing with critical data like social security numbers, phone numbers, addresses, banks, credit card info and income related information along with credit monitoring companies should select 3rd party service providers(Cloud service providers- CSPs) who have the operational ability to safeguard sensitive information only.
Companies adhering to the laws of GLBA Compliance should also hire dedicated team of professionals to supervise data protection and data destruction process as soon as the data reaches its end of life-cycle.
Also, as most data centers or server farms provide remote access to information to companies, it is better they set-up their own data destruction machinery at their premises as it helps them have full control of the sensitive information that is flowing out for termination.
While the data destruction process is being implemented, the client who owns the data and the data center that stores the information should indulge in the mechanism under supervision of both parties.