Which of the following is not a required element of a company's safeguard policy under the GLB Act?

The correct answer is that contracting with a federally-insured company to destroy documents is not a required element of a company's safeguard policy under the Gramm-Leach-Bliley (GLB) Act.

The GLB Act's safeguards rule requires financial institutions to develop a written information security program that includes specific elements to protect consumer data. While it is certainly good practice to hire a reliable document destruction service that is federally insured as part of a comprehensive data security strategy, the act itself does not mandate this as a fundamental requirement. Instead, the focus is on establishing a program that designates responsible personnel, provides for evaluation and adjustment of security measures, and ensures that appropriate service providers are selected to help implement necessary safeguards.

Thus, while elements such as designating employees to coordinate security measures, regularly evaluating the procedures in light of new circumstances, and working with appropriate service providers are explicit requirements of the policy, the particular action of contracting with a specific type of company for document destruction falls outside the necessary obligations under the GLB Act.