Insure the security and confidentiality of customer information. Protect against any anticipated threats or hazards to the security or integrity of such information. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
This rule requires that financial institutions provide a notice of its privacy policies and practices with respect to disclosure of consumer information to third parties. The rule also requires financial institutions to allow the consumer to opt-out of the disclosure of their personal information to a nonaffiliated third party.
This rule requires financial institutions to develop, implement and maintain a written information security program detailing the administrative, technical and physical safeguards that are in place to protect nonpublic financial information of its consumers. The information security program must be updated according to any changes in the organization or based on information gleaned from monitoring.