What are the New FTC Requirements for GLBA?

The GLBA Overhaul: What you Need to Know

New FTC data requirements are coming into effect by year’s end.

The changes are expected to have a major impact across industries, including those outside the financial sector.

In late 2021, the Federal Trade Commission made amendments to the Gramm-Leach-Bliley Act (GLBA) a law requiring data security policies for financial institutions.

The amendments made significant changes to how an information security program should be designed, what it must include, and who needs to be in charge. Experts note how tweaks to GLBA are part of a larger trend in government regulation and bear strong similarities to other recent data legislations such as New York’s Cybersecurity Requirements for Financial Services Companies (CRFSC).

The new FTC requirements mandate all changes to GLBA be implemented by December 2022.

The Run-Down

Not all the amendments to GLBA are that consequential.

The most important changes to the bill are in Section 314.4 which addresses the development, implementation, and maintenance of security regimens. This section has been completely overhauled. Here’s the breakdown of what’s different:

Designated Oversight – The bill now requires a “qualified individual” must oversee security programs


Testing and Monitoring – Controls must be put in place to ensure security measures are active.

Policies and Procedures – Employees must be provided with security awareness training and qualified information security personnel must be on staff.

Service Provider Oversight – Companies must select service providers capable of maintaining appropriate safeguards

Reporting – A detailed incident response plan must be drawn up, and security reports must be prepared and issued annually.

Streamlining Compliance with AI

With regulation growing in volume and complexity, it’s no surprise companies are concerned about the resources needed to achieve compliance.

GTB is a system designed to simplify and streamline data security at the enterprise level.

Using smart algorithms, GTB optimizes data protection policies, providing tailored controls to provide maximum data loss protection.

With the efficiency of its AI-powered platform, GTB provides seamless Data Security and virtually eliminates false positives, ensuring that compliance does not come at the expense of business operations.   

GTB Data Security Benefits for SRM Admins

Comments are closed.
Want to see something cool?

Want Easy Access to
Data Security that Works?

Secure your Sensitive Data, including from  Remote Users

Try it for Free