Hello,
We are in the same building as the internal audit team. (I am a compliance team member). They are conducting a GLBA audit and are writing us up for not locking files/documents when going to the bathroom or going on lunch.
Please note we are in a secure building which contains only bank employees and you must have a badge to gain access. Granted from time to time a vendor may come in (the water delivery guy, or the shred company to pick up bins).
I understand the need to secure information overnight, but for me to take the time lock up a loan file when I go to the bathroom for five minutes seems like overkill.
Anyone have any thoughts on this. I'm looking through the reg and do not see anything THAT specific. Granted "Store records in a room or cabinet that is locked when unattended" can be interpreted any number of ways... anyone have any thoughts?
Any feedback would be greatly appreciated.
_________________________
The opinions expressed are mine, do not represent the opinions of my employer, and they are not to be taken as legal advice.