The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law that requires financial institutions to safeguard the confidentiality of personally identifiable information (PII). Data that falls under the requirements of GLBA includes names, addresses, birth dates, Social Security numbers, personal income, credit and tax history, education level, banking, biometric and geolocation data, academic performance, employment, and internet data.
The Federal Trade Commission (FTC) and other federal and state banking agencies have authority to enforce GLBA. Penalties for compliance failures can be severe: up to $100K per violation, and officers and directors can be fined up to $10K, imprisoned for five years, or both. GLBA penalties have been levied against notable firms.
The SureShield platform simplifies GLBA compliance by automating technical controls and guiding you through operational controls. SureShield’s automation will reduce your overall GLBA compliance cost by up to 70% when compared to traditional, labor-intensive compliance methods. For organizations requiring compliance to multiple frameworks, crosswalk automation drives cost savings up toward 90%.
Requires financial institutions to give every consumer a privacy notice at the time the consumer relationship is established and then on an annual basis.
Requires financial institutions to develop a written plan to describe how the company will protect clients' nonpublic personal information.
Financial institutions must have a protection strategy to prevent access to data through pretexting, that is, obtaining customer information under false pretenses; hence the name Pretexting Protection.
GLBA requires companies to develop privacy practices and policies regarding collecting, selling, sharing, and reusing consumer information. Consumers also must be given the option to decide which information, if any, a company is permitted to disclose or retain.
GLBA’s PII guidelines apply to non-public personal data provided by customers to facilitate transactions or otherwise gathered by the institution. GLBA compliance is intended to decrease data breaches and resulting fallout. GLBA has become a top priority for CIOs and other IT professionals who manage corporate data.
The approach to GLBA compliance is not unlike other risk mitigation strategies.
One key component of the GLBA is the Safeguards Rule, which mandates that covered entities develop and maintain reasonable administrative, technical, and physical safeguards to protect customer information. Updates to the GLBA Safeguards Rule in 2024 include:
Activate GLBA framework
Install scanner for compliance evidence gathering
Review baseline evidence to score compliance control status
Close compliance gaps
Ongoing compliance and gap surveillance
Enforced maintenance of compliance readiness
Do you need help assessing your compliance readiness? Learn how our automated crosswalk technology will dramatically reduce your labor requirements. Schedule your free consulting session, up to 1 hour.