Gramm-Leach-Bliley Act (GLBA) and My Docs Online
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Although My Docs Online is not a financial services company, some of our customers are, and companies covered by the Safeguards Rule are responsible for taking steps to ensure that their service providers (in this case My Docs Online) safeguard the customer information in their care.
Documentation related to My Docs Online compliance includes:
- Security Statement
- Privacy Statement
- Service Agreement
In addition, “best practices” on the part of the My Docs Online customer to ensure compliance include:
- Use a multi-user account (Administrator ID plus multiple group User IDs)
- Avoid the shared use of individual group User IDs except where justified by shared work role and information access rights
- Set appropriate folder permissions based on the access privileges of each group User ID
- Avoid using “Share” to deliver files. Instead, allocate group User IDs and set folder permissions for those User IDs as needed. If you do use the Share feature, it is recommended that you require passwords for all Shares, and that you communicate the password securely and separately from the Secure Share link itself
- Enforce transmission encryption by requiring the use of HTTPS for all group User IDs (this is the My Docs Online default setting)
- Safeguard User IDs and passwords
- Assign strong passwords that mix letters and numbers with special characters and/or upper- and lower-case letters
- Avoid the inclusion of individually identifiable information in the names of uploaded files or comments associated with files
- If the Desktop App “Lock & Open” feature is used to edit files, you may wish to configure accounts to “Delete Local Copies” for enhanced compliance
It is worth noting that My Docs Online is HIPAA compliant and is commonly used for storing and delivering electronic files containing Protected Health Information (PHI). HIPAA compliance is at least as stringent as GLBA compliance.