The GLBA Overhaul: What You Need to Know
New FTC data requirements are coming into effect by year’s end.
The changes are expected to have a major impact across industries, including those outside the financial sector.
In late 2021, the Federal Trade Commission made amendments to the Gramm-Leach-Bliley Act (GLBA), a law requiring data security policies for financial institutions.
The amendments made significant changes to how an information security program should be designed, what it must include, and who needs to be in charge. Experts note that the tweaks to GLBA are part of a larger trend in government regulation and bear strong similarities to other recent data legislation such as New York’s Cybersecurity Requirements for Financial Services Companies (CRFSC).
The new FTC requirements mandate all changes to GLBA be implemented by December 2022.
The Run-Down
Not all the amendments to GLBA are that consequential.
The most important changes to the bill are in Section 314.4, which addresses the development, implementation, and maintenance of security regimens. This section has been completely overhauled. Here’s the breakdown of what’s different:
Designated Oversight – The bill now requires that a “qualified individual” oversee security programs.
Testing and Monitoring – Controls must be put in place to ensure security measures are active.
Policies and Procedures – Employees must be provided with security awareness training and qualified information security personnel must be on staff.
Service Provider Oversight – Companies must select service providers capable of maintaining appropriate safeguards.
Reporting – A detailed incident response plan must be drawn up, and security reports must be prepared and issued annually.
Streamlining Compliance with AI
With regulation growing in volume and complexity, it’s no surprise companies are concerned about the resources needed to achieve compliance.
GTB is a system designed to simplify and streamline data security at the enterprise level.
Using smart algorithms, GTB optimizes data protection policies, applying tailored controls for maximum data loss protection.
With the efficiency of its AI-powered platform, GTB provides seamless Data Security and virtually eliminates false positives, ensuring that compliance does not come at the expense of business operations.
GTB Data Security Benefits for SRM Admins
Visibility: Accurately discover sensitive data; detect and address broken business processes or insider threats, including sensitive data breach attempts.
Protection: Automate data protection, breach prevention and incident response both on and off the network; for example, find and quarantine sensitive data within files exposed on user workstations, FileShares and cloud storage.
Notification: Alert users to violations to raise awareness and educate the end user about cybersecurity and corporate policies.
Education: Start targeted cyber-security training; e.g., identify end-users violating policies and train them.
- Employees and organizations have knowledge and control of the information leaving the organization, where it is being sent, and where it is being preserved.
- Ability to allow user classification, giving users influence over how the data they produce is controlled, which increases protection and end-user adoption.
- Control your data across your entire domain in one Central Management Dashboard with Universal policies.
- Many levels of control, together with the ability to warn end-users of possible non-compliant, risky activities, protecting from malicious insiders and human error.
- Full data discovery collection detects sensitive data anywhere it is stored, and provides strong classification, watermarking, and other controls.
- Delivers full technical controls on who can copy what data, to what devices, what can be printed, and/or watermarked.
- Integrate with GRC workflows.
- Reduce the risk of fines and non-compliance.
- Protect intellectual property and corporate assets.
- Ensure compliance within industry, regulatory, and corporate policy.
- Ability to enforce boundaries and control what types of sensitive information can flow where.
- Control data flow to third parties and between business units.