The Gramm-Leach-Bliley Act (GLBA) establishes important data security requirements for financial institutions. Here are the key requirements:
Safeguards Rule Requirements
Financial institutions must:
- Implement a comprehensive information security program to protect customer information
- Designate an employee or team responsible for coordinating the security program
- Identify and assess risks to customer information
- Design and implement safeguards to control identified risks
- Regularly test and monitor these safeguards
- Select service providers capable of maintaining appropriate safeguards
- Regularly evaluate and adjust the program as needed
Privacy Rule Requirements
Financial institutions must:
- Provide clear privacy notices explaining information collection and sharing practices
- Give customers the right to opt out of having their information shared with certain third parties
- Disclose what information is collected, with whom it’s shared, and how it’s protected
Pretexting Protection
Financial institutions must implement procedures to protect against “pretexting” (obtaining customer information under false pretenses).
Enforcement
GLBA is enforced by multiple agencies, including the FTC, the federal banking agencies, and state insurance authorities. Violations can result in significant penalties.
Would you like more specific information about any particular aspect of GLBA compliance? The Goliath Cyber team stands ready to assist you on your compliance journey.