The information security controls needed to comply with the GLBA Safeguards Rule underwent a significant revision in December 2021. By December 9, 2022, several additional information security safeguards must be in place; otherwise, offenders will be deemed out of compliance.
Any entity that manages consumer financial information, whether in paper, electronic, or other media, must comply with the GLBA. This extends beyond traditional financial institutions.
All customer information in your possession is subject to the GLBA Safeguards Rule, regardless of whether it relates to people you have a business connection with or to clients of other financial institutions that have shared information with you. Here are some examples