What is GLBA Compliance?
Also known as the Financial Services Modernization Act, the Gramm Leach Bliley Act (GLBA) applies to U.S financial institutions and governs the secure handling of non-public personal information including financial records and other personal information.
Requirements
Section 501(b) of the Gramm-Leach-Bliley Act requires financial institutions to protect the security, confidentiality and integrity of non-public customer information through “administrative, technical and physical safeguards”. The Gramm-Leach-Bliley Act also requires each financial institution to implement a comprehensive written information security program that includes administrative, technical and physical safeguards appropriate to the size, complexity and scope of activities of the institution. These include:
- Ensuring the security and confidentiality of customer records and information
- Protecting against any anticipated threats or hazards to the security or integrity of such records
- Protecting against unauthorized access to or use of such records or information, which could result in substantial harm or inconvenience to any customer
Implications
For organizations affected by the standard, these Gramm-Leach-Bliley privacy regulations, combined with referenced requirements under the Federal Deposit Insurance Act – section 36, result in the need to:
- Safeguard and monitor customer records and information
- Create and maintain effective risk assessments
- Identify, implement and audit specific internal security controls that protect this data