If my insurance company is compliant with Gramm-Leach-Bliley, am I?
NO - All Pennsylvania licensees are required to comply with the Safeguard sections of the law. It is the responsibility of each licensee to carry out and implement these regulations. Both the insurance company and individual producers must separately comply with these regulations. If the insurance company is compliant, and you are out of compliance, then your liability may increase, putting your commissions at risk.

I am compliant on the investments side of my business and my broker-dealer does audits. Does this carry over?
NO - This compliance relates specifically to the sale of investment instruments and will not in any way cover you under Gramm-Leach-Bliley or the PA regulations. The regulations are specific to your license to sell insurance in the State of PA and differ significantly.

I’ve been trained on Security & Identity theft issues by an insurance company; is that enough to make my organization compliant?
NO - Training is just one small part of what each licensee is required to do under the law. Each licensee must conduct a risk assessment, create a policy and procedure manual, make appropriate changes in their businesses, be trained and train employees, record that training for auditors, monitor their information systems, both paper and electronic, and then regularly check and update their policies and procedures. Being trained does not make you compliant with the law.

I believe I’ve made all the necessary changes to my business to comply; am I compliant?
Maybe - Did a risk analyst evaluate your office’s risk? Did a legal advisor who understands the law and your computer systems evaluate your service contracts along with your administrative and electronic systems? Did computer security professionals evaluate your computer systems and/or your web site? Have your people been trained by a qualified person, do you have a regular training schedule, and do you keep records of those training sessions? Do you have a system in place to monitor changes? If you don’t know, then the Maybe becomes a NO.

I have successfully completed all aspects of compliance including receiving an assessment from a qualified party. Can I forget about this issue?
NO - The law states that each licensee must continue to monitor and adjust their program for changes in their business. These changes can be anything from hiring a new employee to doing nothing. Yes, doing nothing. Your office might remain the same for 20 years but the world around you is changing. The law requires you to look at the changes and adjust your office if needed. The question is: Are you absolutely sure you know what is needed?

Informational Links