With fines of up to $100,000 for each violation of the Federal Gramm-Leach-Bliley Act, for example, your business can’t afford to be uncertain about your regulatory compliance.
The Financial Modernization Act of 1999 — more commonly known as the Gramm-Leach Bliley Act (GLBA) — sets out new, far-stricter rules for how “financial institutions” must protect and keep private the financial information of individuals and families. We put “financial institutions” in quotations here because GLBA defines finance businesses more broadly than simply as banks and brokerage houses. Organizations regulated under the Act can include insurance companies, mortgage firms, car dealers and even some retailers — in short, any businesses that extend credit, issue credit cards or deal in other ways with consumers’ personal financial details.
Let’s assume you’re a financial services business, as GLBA would define it. And let’s further assume your organization already has protections in place for your data stored online or on your on-premises servers — encryption software, firewalls, anti-malware, intrusion detection, etc. Finally, let’s assume you have procedures in place for securely destroying data — as GLBA also demands — such as shredding hardcopy documents containing consumers’ financial details.
Assuming all of that, there is still one area of your document management, retention and security processes where many businesses fall short regarding compliance: your faxing processes. Businesses tend to neglect this area of their communications, even though it is often a primary method of transmitting their customers’ most sensitive personal data – like financial information.
As part of the mandatory controls it sets for data integrity and security — under the Safeguards Rule — GLBA requires firms to “take steps to ensure the secure transmission of customer information.”1 And a related but often-overlooked component of the Safeguards Rule is that a transmitted document lives on, in some form or another, long after it has been sent to your business. This means you are required to take steps to ensure faxes containing your customers’ Personally Identifiable Information (PII) must be secured in transit and then stored and archived securely as well.
Indeed, GLBA requires a comprehensive security process for any fax containing PII, not only while it’s in transit but also for years after you have received it. According to the rule, firms must “Maintain secure backup records and keep archived data secure by storing it off-line and in a physically-secure area.” 2
What secure faxing means in the context of GLBA
Due to the lack of privacy and inability to control “chain of custody” of a fax document, paper-based faxing (or faxing via unsecured or unencrypted servers) can leave your business vulnerable to non-compliance with GLBA.
Correctly implementing faxing into your organization to provide secure, real-time electronic delivery of financial data is crucial to complying with these mandates. eFax Corporate, combined with eFax Secure provides the digital faxing solution you need to close security gaps while remaining scalable enough to grow with your organization.
How secure cloud-faxing with eFax Corporate helps with compliance
Because cloud-fax service eFax Corporate transmits faxes securely via email, using highly secure Transport Layer Security (TLS) encryption, and then securely stores your faxes in the cloud — where they remain protected with AES 256-bit encryption3 — our service can help you meet the tough data security demands of GLBA.
Here’s the 3-step process to securing your GLBA-regulated financial-data faxes (all 3 of which are necessary to achieve compliance), with optional eFax Secure™ cloud faxing:
- 1. Secure electronic-fax transmission
eFax transmits your faxes electronically and securely, using TLS encryption, over the Internet. TLS provides a more secure algorithm, much harder to break than previous security protocols (SSL). This actually puts you in well out in front of GLBA’s Safeguards Rule, which demands a “secure connection” when sending customer data. 4
- 2. Secure fax storage online
Once you have received your fax by email or through a secure eFax Corporate® website, we will store a copy of that fax in the cloud for the life of your account, using AES 256-bit encryption — the highest levels of data encryption and security available today. Again, this secure storage is required by GLBA’s Safeguards Rule, which states firms must “know where sensitive customer information is stored and store it securely.” 5
- 3. Secure fax backup and recovery
Finally, your digital faxes will be secured on geographically dispersed, Tier-III and Tier IV Data Centers, for added redundancy and for fast and reliable retrieval or restore in the event a disaster destroys your copies of the files.
Offer your clients a secure-faxing solution:
eFax Corporate®, often complemented by eFax Secure™, is the ideal solution for regulatory-compliant online faxing. The service is hosted entirely in the cloud, largely self-managing (requiring far fewer IT man-hours than you’re currently devoting to fax issues), far more cost effective than your traditional fax infrastructure, and brings your organization in line with GLBA, SOX and other data-privacy regulations.
This is why eFax is entrusted every day to transmit millions of pages of sensitive corporate documents by businesses in the most heavily regulated industries, such as healthcare, legal and financial. Learn more at Enterprise.eFax.com.
1, 2, 4 and 5:
FTC guide to Complying with the Safeguards Rule
3: Advanced encryption services are available with eFax Secure.