What is GLBA?
The Gramm-Leach-Bliley Act (GLBA) was organized in 1999 with the intention of controlling the means in which financial institutions deal with private information of individuals. The Act is composed of three sections: The Financial Privacy Rule, which manages the collection and disclosure of private financial information; the Safeguards Rule, which requires the implementation of data security programs; and the Pretexting provisions, which prohibit the practice of pretexting. GLBA also sets the requirements for customer privacy notices, which explain the financial institutions information-sharing practices.
Eight federal agencies and the states are given the authority to administer and enforce the Financial Privacy Rule and the Safeguards Rule . These two regulations apply to financial institutions, which include not only banks, securities firms, and insurance companies, but also any company who provides a financial product or service to consumers. Financial services include: brokering or servicing any type of consumer loan, lending, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts.
Basic rules on GLBA compliance:
GTB Technologies' GLBA compliance solution - Accuracy on all ports and protocols:
The GLB Act applies to financial institutions. Non compliant financial institutions face costly penalties, which can include fines up to $100,000 per violation and $192 per record lost in restitution. The definition of a financial institution is very broad according to the Federal Trade Commission. An organization that works with people's money is generally considered a financial institution. Naturally a bank, credit union or brokerage is required to maintain GLB compliance; however, other types of businesses are also included in GLBA. Some examples from the FTC include: preparers of income tax returns, consumer credit reporting agencies and credit counseling services, real estate transaction settlement services and debt collection agencies. In addition to the direct providers of those services, any organization that receives data from those providers must also comply with GLB requirements.