GLBA

GLBA has become a top priority for CIOs

Framework Snapshot

The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law that requires financial institutions to safeguard the confidentiality of personally identifiable information (PII). Data that falls under the requirements of GLBA includes names, addresses, birth dates, social security numbers, personal income, credit and tax history, education level, banking, biometrics and geolocation data, academic performance, employment, and internet data.

The Federal Trade Commission (FTC) and other federal and state banking agencies have authority to enforce GLBA. Penalties for non-compliance can be severe: up to $100K per violation for the institution, while officers and directors can be fined up to $10K, imprisoned for five years, or both. GLBA penalties have been levied against notable firms.

GLBA Automation: Compliance for Less

The SureShield platform simplifies GLBA compliance by automating technical controls and guiding you through operational controls. SureShield's automation will reduce your overall GLBA compliance cost by up to 70% when compared to traditional, labor-intensive compliance methods. For organizations that must comply with multiple frameworks, crosswalk automation drives cost savings up to 90%.

Become GLBA Compliant

Start Your FREE TRIAL


    *Required fields

    Rules

    The Financial Privacy Rule

    Requires financial institutions to give every consumer a privacy notice at the time the consumer relationship is established and then on an annual basis.

    The Safeguards Rule

    Requires financial institutions to develop a written plan to describe how the company will protect clients' nonpublic personal information.

    Pretext Protection

    Financial institutions must have a protection strategy to prevent access to data through false pretenses (pretexting), hence the name Pretext Protection.

    GLBA requires companies to develop privacy practices and policies regarding collecting, selling, sharing, and reusing consumer information. Consumers also must be given the option to decide which information, if any, a company is permitted to disclose or retain.

    GLBA’s PII guidelines apply to non-public personal data provided by customers to facilitate transactions or otherwise gathered by the institution. GLBA compliance is intended to decrease data breaches and resulting fallout. GLBA has become a top priority for CIOs and other IT professionals who manage corporate data.

    The approach to GLBA compliance is not unlike other risk mitigation strategies.

    2024 Updates

    One key component of the GLBA is the Safeguards Rule, which mandates that covered entities develop and maintain reasonable administrative, technical, and physical safeguards to protect customer information. Updates to the GLBA Safeguards Rule in 2024 include:

    1. Data Breach Reporting: Non-banking institutions within the FTC’s jurisdiction must report data breaches affecting 500 or more people within 30 days of discovery, noting relevant details of impact and describing the event.
    2. Effective Date: The amended Safeguards Rule will become effective 180 days after it is published in the Federal Register, which is expected to occur in 2024.
    3. Compliance and Control: Many non-banking financial entities will be new to these reporting requirements. Preparing now will be critical for compliance and control.
    1. Activate GLBA framework
    2. Install scanner for compliance evidence gathering
    3. Review baseline evidence to score compliance control status
    4. Close compliance gaps
    5. Ongoing compliance and gap surveillance
    6. Enforced maintenance of compliance readiness

    Free Compliance Assessment

    Do you need help assessing your compliance readiness? Learn how our automated crosswalk technology will dramatically reduce your labor requirements. Schedule your free consulting session, up to 1 hour.