The Gramm-Leach-Bliley Act (GLBA) is a U.S. law that went into effect on June 9, 2023. This law mandates financial institutions to safeguard customer data. The Federal Trade Commission (FTC), in enforcing the GLBA, introduced the Safeguards Rule, which outlines specific measures for ensuring the security of customer information. One key requirement of the Safeguards Rule is the implementation of a Written Information Security Plan (WISP).
Tax and accounting professionals are categorized as financial institutions under the GLBA, regardless of their size. This classification extends to various entities such as mortgage brokers, real estate appraisers, universities, nonbank lenders, and check-cashing businesses, all of which are subject to the Safeguards Rule.
As part of compliance, the FTC mandates each firm to:
- Designate one or more employees to coordinate its information security program.
- Identify and assess risks to customer information in different areas of the company’s operation and evaluate the effectiveness of existing safeguards.
- Design and implement a safeguards program, regularly monitoring and testing it.
- Select service providers with appropriate safeguards, ensuring contracts require them to maintain safeguards and oversee the handling of customer information.
- Evaluate and adjust the program based on relevant circumstances, including changes in the firm’s business or operations, and results from security testing and monitoring.
If you would like more information about the IRS requirements, refer to IRS publications 5708 and 5709
IRS Publication 5708 (10-2022)
IRS Publication 5709
Federal Trade Commission Rule Takes Effect on June 9, 2023, Requiring WISP
If you would like help getting started meeting these requirements, please CONTACT US, to get started.