GLBA refers to the Gramm-Leach-Bliley Act (also known as the Financial Services Modernization Act of 1999), which aims to protect the private information of consumers. In this article, we take a closer look at GLBA requirements.
GLBA concerns financial institutions that offer financial services and products such as loans, insurance, and financial and/or investment advice.
The Gramm-Leach-Bliley Act applies to institutions that operate within the borders of the United States of America and consists of three sections:
The Financial Privacy Rule: This section regulates the collection of private financial information, restricts its disclosure, and requires institutions to notify their customers of their privacy policies.
The Safeguards Rule: This section requires financial institutions to adopt appropriate security programs that protect personal financial information.
Pretexting Provisions: This section prohibits all kinds of pretexting. Pretexting refers to acquiring private information under false pretenses.
GLBA compliance is required for institutions of all sizes that offer financial services. Companies that are not usually considered ‘financial’ institutions, such as mortgage brokers and retailers that issue credit cards, are also within the scope of GLBA. Below you can find a list of business activities that make your business subject to the GLBA regulations.
GLBA Compliance Checklist
To make sure that your business complies with GLBA requirements, you must meet the principles below:
Guaranteeing the security and confidentiality of NPI (nonpublic personal information)
Protecting your organization against unauthorized access that could harm your customers or cause them inconvenience
Protecting your organization against any threats to the integrity and/or security of NPI
In this article, we offer you 10 simple steps to make sure that your organization complies with the GLBA regulations.
To make the necessary adjustments, you must first understand the act thoroughly. For this purpose, you can ask your legal experts for help.
For the second step, you must understand the potential risks regarding NPI and identify the threats and vulnerabilities that can endanger sensitive information.
GLBA examiners often ask for proof of your organization’s ability to control all threats and vulnerabilities regarding sensitive information.
Make sure that you don’t have any ill-intentioned employees who could harm and/or endanger your organization.
If you opt to use a service provider for your NPI needs, you must make sure that your service provider complies with GLBA.
You must make sure that your organization meets the related requirements and informs your customers about them.
Make sure that you have appropriate and up-to-date response plans. You must test all your plans every year and update them when necessary.
In accordance with the Safeguards Rule, your organization must provide a written information security plan.
Your organization is required to provide annual reports to the GLBA Board.
Modern cyber threats, such as malware, phishing, cryptojacking, and IoT threats, are more sophisticated and faster than before.
The biggest cyber-attacks of 2019 were the Facebook user data leak, the Capital One breach, the Quest Diagnostics breach, the DoorDash hack, and the Canva hack.