GLBA Compliance: The Data Protection Requirements of the Gramm-Leach-Bliley Act

GLBA is a federal law that requires financial institutions to be transparent about how they share customer information. Learn how it helps protect your data.

GLBA Meaning

GLBA stands for the Gramm-Leach-Bliley Act. It is a federal law that requires financial institutions to be transparent about how they share customer information, to give customers the option of opting out if they do not want their personal data shared with third parties, and to apply specific protections to customers' private data.

The GLBA is enforced by various federal agencies, state insurance oversight agencies, and the FTC.

GLBA Requirements

The act has three main sections, which break down into two rules and a set of provisions. They are often referred to as the "3 Rules" because the legislation is meant to be easy for people to understand.

These three measures tell organizations covered by the legislation what they must address:

  • The types of data to protect
  • Telling customers how their information is shared and letting them opt out of sharing with third parties
  • Preventing unauthorized access to customer data

GLBA components:

The Financial Privacy Rule requires financial institutions to protect the privacy of consumers. It covers most personal information (name, date of birth, Social Security number) as well as transactional data (card numbers). It also covers private information an institution acquires during transactions with customers.

The Safeguards Rule of the GLBA ensures that institutions covered by the law have specific means to protect private information. For example, they need administrative, technical, or physical safeguards for processing and storing customer data.

Notable requirements include:

  • Employee training
  • Proper software
  • Testing and monitoring for vulnerabilities on your website

Pretexting Provisions: There are many scams aimed at obtaining personal information under false pretenses, and the GLBA tries to prevent this. Its pretexting provisions make it harder for anyone trying to obtain customer data that way.

Advantages of GLBA Compliance

The GLBA Safeguards Rule protects both banks and their customers from unauthorized sharing or loss of private customer data. It also includes several privacy benefits for the bank's clients, such as:

  • Private information must be protected from unauthorized access.
  • Customers must be told when their information is being shared and must be able to opt out.
  • Any attempt to access a private record in the system must be logged.

The GLBA helps protect consumer and customer records, which builds trust with customers. This results in repeat business for financial institutions.

GLBA Compliance

The GLBA requires financial institutions to protect their customers' nonpublic personal information. The Safeguards Rule states that every covered financial institution must create a written security plan tailored to the institution's size and complexity, and must have an information protection program in place. That program must:

  • Designate a security manager to oversee the company's information security program.
  • Identify the risks to customer information and assess how well current safeguards are controlling those risks.
  • Design and implement a safeguards program, such as the use of passwords to protect your important documents.
  • Work only with service providers that have appropriate safeguards, write those safeguards into the contract, and monitor how the providers handle customer information.
  • Update the program as needed, such as when there is a change in the business or its operations.

The Safeguards Rule requires that financial institutions pay special attention to employee management, information systems and security during the implementation of an Information Security Plan.

GLBA Sanctions

Once a GLBA non-compliance allegation is proven, the punishment can have drastic consequences for both the business and the individuals involved.

Some sanctions for non-compliance are:

If a financial institution is found in violation, it can be fined $100,000 for each offense. Likewise, an individual at the institution found responsible for violating its policies and procedures faces fines of up to $10,000 per violation as well as prison time of up to 5 years.

Examples of Non-Compliance Allegations

There have been a few recent allegations, including:

  • PayPal allegedly violated many regulations, including the Federal Trade Commission Act and the GLBA. According to one source, each of these violations also amounts to a violation of privacy law.
  • The FTC used the GLBA to take enforcement action against several mortgage companies for violating its terms.
  • The FTC filed a complaint and settlement against Mortgage Solutions FCS, doing business as Mount Diablo Lending, for posting sensitive personal information from individuals’ mortgage applications to Yelp reviews.

Best Ways To Maintain GLBA Compliance

The GLBA protects consumer data by requiring financial institutions to maintain the confidentiality and security of customer information. Institutions that fail to do so face penalties, or even the end of their business.

Protect Your Organization from Cybersecurity Threats

SecurityStudio helps information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.
