Gramm-Leach-Bliley Act Compliance (GLB Act or GLBA)

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. The Federal Trade Commission (FTC) is one of eight federal agencies that enforce provisions of Gramm-Leach-Bliley.

Who must comply with this law?

GLBA applies to all businesses, regardless of size, that provide financial products or services to consumers. This includes Banks, Securities Firms, Insurance Companies, Automobile Leasing Companies, Travel Agencies connected to Financial Services, Retailers that issue their own consumer credit cards, Check-cashing businesses, Payday lenders, Mortgage brokers, Nonbank lenders, Personal property or Real estate appraisers, Professional tax preparers, and Courier services. The law also applies to companies like credit reporting agencies and ATM operators that receive information about customers of other financial institutions.

GLBA compliance is mandatory. Whether or not a financial institution discloses NPI (Non Public Information) or PII (Personally Identifiable Information), there must be a policy in place to protect the information from foreseeable threats to security and data integrity.

Requirements for GLBA Compliance

The Act consists of three sections:

  1. The Financial Privacy Rule, which regulates the collection and disclosure of private financial information. This rule requires financial institutions to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter;
  2. The Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information. This rule requires financial institutions to develop a written information security plan describing their processes and procedures for protecting clients’ NPI; and
  3. The Pretexting provisions, which prohibit the practice of pretexting (accessing private information using false pretenses).
The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.

The Penalties for GLBA Non-Compliance

GLBA calls for severe civil and criminal penalties for noncompliance, including fines and imprisonment. If a financial institution violates GLBA:
  • The institution is subject to a civil penalty of up to $100,000 for each violation
  • Officers and directors of the institution are liable for a civil penalty of up to $10,000 for each violation
  • The institution and its officers and directors are subject to fines or imprisonment for up to five years, or both.
These penalties are enough to scare businesses into compliance, as the costs of a GLBA violation go beyond paying legal fines and providing credit monitoring services. GLBA compliance, like all data security measures, comes down to ensuring that sensitive data can only be accessed by those authorized to access it.

How can we help?

The financial sector continues to be a prime target for highly sophisticated, customized attacks. The SWIFT money transfer system recently came under attack, resulting in an $81 million heist from the Bangladesh Bank. This number pales in comparison to an estimated $1 billion stolen by the Carbanak Group from over 100 banks in approximately 30 countries worldwide. The impact of these data breaches in finance is significant, costing financial institutions $221 per stolen record on average.

In addition to protecting consumer data and financial records, financial institutions must also deal with auditing mandates for FFIEC, SOX, PCI DSS, and a patchwork of federal, state, and industry regulations. We at 24By7Security know the law, and our team has the right skills and knowledge to help you be GLBA compliant. You never know how priceless your security investment is until it’s too late. Call us today!


24By7 Security