GLBA Compliance

What is GLBA?


The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to regulate how financial institutions handle the private information of individuals. The Act is composed of three sections: the Financial Privacy Rule, which governs the collection and disclosure of private financial information; the Safeguards Rule, which requires the implementation of data security programs; and the Pretexting provisions, which prohibit the practice of pretexting. GLBA also sets the requirements for customer privacy notices, which explain the financial institution's information-sharing practices.

Eight federal agencies and the states are given the authority to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to financial institutions, which include not only banks, securities firms, and insurance companies, but also any company that provides a financial product or service to consumers. Financial services include brokering or servicing any type of consumer loan; lending, transferring, or safeguarding money; preparing individual tax returns; providing financial advice or credit counseling; providing residential real estate settlement services; and collecting consumer debts.

Basic rules on GLBA compliance:

  • Appoint an individual or group to bear specific responsibility for GLBA compliance.
  • Identify risks to customer information and assess existing safeguards.
  • Implement safeguards that are needed to fill any gaps.
  • Monitor the effectiveness of all safeguards.
  • Ensure service providers are capable of meeting GLBA requirements.
  • Adjust the organization's security program as necessary when circumstances change.

GTB Technologies' GLBA compliance solution - Accuracy on all ports and protocols:

  • GTB's rule manager contains a pre-defined GLBA compliance rule, which defines GLBA secure data as anything containing a first name and a last name or initial together with any of the following: Personal Account Number (PAN), Social Security number, ID number, or credit/debit card number.
  • Secure data stored within the network and on endpoint devices is discovered, exposed, and protected.
  • Discover, classify, and inventory sensitive data, which is key to ensuring compliance.
  • All outbound traffic across all network protocols is monitored for secure GLBA data, with nearly 100% detection and zero false positives.
  • GLBA data is prevented from being saved to removable media devices such as USB drives, CD/DVDs, or iPods.
  • GTB supports auditing requirements with role-based options and detailed GLBA reporting.
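As an added illustration (not GTB's code or rule syntax), the following Python classifier implements the rule the list describes: a record is flagged only when a personal name appears together with an SSN, a Luhn-valid card number, or an account number. The regular expressions, the name heuristic and the sample records are assumptions constructed for this example.

```python
import re

# Constructed sample records; the SSN, card and account values are test data.
RECORDS = [
    "Jane Doe, SSN 123-45-6789, requests a statement copy",
    "Card on file for John Q: 4111 1111 1111 1111",
    "Mary Smith called about account # 0012345678",
    "Order 4111 1111 1111 1111 shipped",            # card, but no name
    "Account Number 0012345678 closed",              # label that looks like a name
    "Quarterly report, total 1234 5678 9012 3456",  # digit run that fails Luhn
]

# Name heuristic (assumption): capitalised first name plus last name or initial.
# Field labels that look like names are excluded; real DLP rules use name dictionaries.
NAME_RE = re.compile(r"\b[A-Z][a-z]+ (?:[A-Z][a-z]+|[A-Z]\.?)\b")
LABELS = {"Account Number", "Card Number", "Social Security", "Personal Account"}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
ACCOUNT_RE = re.compile(
    r"\b(?:account|acct|PAN)(?:\s+(?:number|no\.?))?\W*#?\W*\d{8,17}\b", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:  # double every second digit from the right, folding two-digit results
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def has_name(text: str) -> bool:
    return any(m.group() not in LABELS for m in NAME_RE.finditer(text))


def find_identifiers(text: str) -> set:
    """Return which GLBA identifier kinds ('ssn', 'card', 'account') occur in the text."""
    found = set()
    if SSN_RE.search(text):
        found.add("ssn")
    if any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text)):
        found.add("card")
    if ACCOUNT_RE.search(text):
        found.add("account")
    return found


def is_glba_sensitive(text: str) -> bool:
    """The rule from the list above: a personal name together with at least one identifier."""
    return has_name(text) and bool(find_identifiers(text))


def classify(records) -> dict:
    """Map each flagged record to the sorted identifier kinds that triggered the rule."""
    return {r: sorted(find_identifiers(r)) for r in records if is_glba_sensitive(r)}
```

Only the first three constructed records are flagged; a card number without a name, a field label masquerading as a name, and a digit run that fails the Luhn check are all left alone.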

The GLB Act applies to financial institutions. Non-compliant financial institutions face costly penalties, which can include fines of up to $100,000 per violation and $192 per lost record in restitution. The definition of a financial institution is very broad according to the Federal Trade Commission: an organization that works with people's money is generally considered a financial institution. Naturally, a bank, credit union, or brokerage is required to maintain GLB compliance; however, other types of businesses are also covered by GLBA. Some examples from the FTC include preparers of income tax returns, consumer credit reporting agencies and credit counseling services, real estate transaction settlement services, and debt collection agencies. In addition to the direct providers of those services, any organization that receives data from those providers must also comply with GLB requirements.