GLBA Data Protection Policy

Last Updated: January 2024

Purpose:

Hill Redaction Services is committed to protecting the security and confidentiality of nonpublic personal information (NPI) in compliance with the Gramm-Leach-Bliley Act (GLBA) and other applicable laws and regulations. This policy outlines the measures and controls implemented to safeguard NPI collected, processed, and maintained by the organization.

Scope:

This policy applies to all employees, contractors, and third-party service providers who have access to NPI in the course of their duties at Hill Redaction Services. It encompasses all systems, processes, and activities involving the collection, use, storage, and disclosure of NPI.

Definitions:

Nonpublic Personal Information (NPI): Personally identifiable financial information provided by customers to Hill Redaction Services in the course of obtaining financial products or services.

Covered Entity: Hill Redaction Services and its affiliates that are subject to GLBA requirements.

Data Protection Controls:

Hill Redaction Services implements the following controls to protect the security and confidentiality of NPI:

  • Access Controls: Limit access to NPI to authorized individuals on a need-to-know basis. Implement user authentication mechanisms, role-based access controls, and segregation of duties to prevent unauthorized access.
  • Data Encryption: Encrypt NPI during transmission and storage using industry-standard encryption algorithms to prevent unauthorized interception or access.
  • Secure Storage: Store NPI in secure, access-controlled environments with appropriate physical and logical safeguards to prevent unauthorized disclosure or tampering.
  • Data Disposal: Implement procedures for the secure disposal of NPI in compliance with GLBA requirements. Ensure that NPI is properly shredded, deleted, or anonymized when no longer needed for business purposes.
  • Incident Response: Maintain incident response procedures to promptly identify, assess, and respond to security incidents involving NPI. Notify affected individuals and regulatory authorities as required by law in the event of a data breach.
  • Employee Training: Provide regular training and awareness programs to employees on GLBA requirements, data protection best practices, and their responsibilities for safeguarding NPI.

Third-Party Oversight:

Ensure that third-party service providers with access to NPI adhere to data protection requirements consistent with GLBA standards. Conduct due diligence assessments, contractual reviews, and periodic audits to monitor compliance with data protection obligations.

Compliance Monitoring and Reporting:

Establish mechanisms for ongoing monitoring of compliance with this policy, including periodic reviews, audits, and assessments. Designate a compliance officer responsible for overseeing GLBA compliance efforts and reporting to senior management and regulatory authorities as required.

Policy Review and Updates:

This policy will be reviewed and updated as necessary to reflect changes in regulatory requirements, business operations, or security risks. Employees will be notified of any material changes to this policy.

Enforcement:

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract termination, in accordance with Hill Redaction Services' disciplinary procedures.

Contact Information:

For questions or concerns regarding this policy or to report suspected violations, contact our data protection officer at:

DPO@hillredact.com
End of Policy.