Review privacy procedures for risk exposure: KPMG

By Canadian Underwriter | May 29, 2007 | Last updated on October 2, 2024

Risk exposure in the emerging world of privacy legislation is becoming a high priority for a wide range of industries due to a number of public security breaches demanding increased privacy awareness, according to a regulatory practice letter by KPMG's financial industry regulatory advisory services unit in the United States.

Managing the collection, maintenance, use and disposal of nonpublic personal information (NPPI) is fundamental to mitigating these risks and requires consideration for the application of evolving regulatory guidance that can be used to safeguard NPPI effectively, the KPMG practice letter states.

The practice letter goes on to list a range of applicable U.S. privacy legislation. The Gramm-Leach-Bliley Act, for example, requires financial institutions to give consumers privacy notices that describe the institution's information-sharing practices while giving consumers the right to opt out of certain types of such practices.

The KPMG advisory also issues a number of recommendations for ensuring sound privacy protection. This includes a review of, and strengthening where appropriate, current privacy policies and controls including:

- Privacy program and audit program
- Written information security plan
- Privacy vendor risk management reviews
- Policies and procedures for data breach
- External announcements and consumer notices for data breach
- Employee training requirements
- Customer complaint programs
- Customer service offerings
- Information-sharing practices
- Consumer disclosures
