Regulation | Active Now
Also known as the Financial Services Modernization Act, the Gramm Leach Bliley Act (GLBA) applies to U.S financial institutions and governs the secure handling of non-public personal information including financial records and other personal information.
Thales provides solutions for Gramm-Leach-Bliley Act (GLBA) compliance through:
Section 501(b) of the Gramm-Leach-Bliley Act requires financial institutions to protect the security, confidentiality and integrity of non-public customer information through “administrative, technical and physical safeguards”. The Gramm-Leach-Bliley Act also requires each financial institution to implement a comprehensive written information security program that includes administrative, technical and physical safeguards appropriate to the size, complexity and scope of activities of the institution. These include:
For organizations affected by the standard, these Gramm-Leach-Bliley privacy regulations, combined with referenced requirements under the Federal Deposit Insurance Act – section 36, result in the need to:
Thales provides key portions of the solution to these Gramm-Leach-Bliley Act compliance problems including security controls that enable organizations to safeguard and audit the integrity of customer records and information against a broad range of threats. Thales supports these activities across widespread heterogeneous infrastructures that include virtualized environments, cloud and big data implementations as well as within traditional data centers. This single platform solution to multiple data protection needs helps organizations meet compliance requirements with low TCO and an easy-to-deploy, centrally managed infrastructure and solution set.
The combination of encryption, integrated key management and access controls meets the needs for creating and maintaining access controls to customer records and information. Only authorized personnel and programs see decrypted information, while all others have no access to the data. Security intelligence information from Thales details who accesses data, leaving a clear audit trail, and enables extended security controls warranted by today’s threat environment for recognizing compromised accounts when combined with a SIEM or Big Data for Security implementation.
SafeNet multi-factor authentication from Thales secures access to corporate networks, protecting the identities of users, and ensuring that a user is who he or she claims to be.
Vormetric Transparent Encryption from Thales provides file and volume level data-at-rest encryption and integrated, secure key management with a best practices implementation. Access controls and data access monitoring information extend protection by limiting data access to only personnel and programs authorized to do so, and provide the security intelligence information required to identify accounts that may represent a threat because of a malicious insider, or a compromise of account credentials by malware.
Vormetric Application Encryption from Thales adds another layer of protection, enabling organizations to easily build encryption capabilities into internal applications at the field and column level.
Vormetric Key Management from Thales enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.
Thales’ SafeNet Hardware Security Modules (HSMs) provide reliable protection for transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services.
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.
Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.
