A Beginner’s Guide to GLBA Compliance

Cole Pruden | Tags: GLBA, Guides, Mandatory Data Compliance, PII, PII Auditing, Sensitive Data Discovery


The GLBA affects all financial institutions directly. This comprehensive guide provides an in-depth understanding of the GLBA, including all its latest updates and amendments. Let’s dive in.

Intro to the GLBA

The Gramm-Leach-Bliley Act (GLBA for short) is a US federal law that requires “financial institutions” – defined as companies offering customers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

3 Must-Know Components of the GLBA

Enacted by Congress in 1999 and enforced for most non-bank financial institutions by the Federal Trade Commission (FTC), the GLBA has seen a number of updates over the past two decades. The parts practitioners most need to know are the three components commonly referred to as the "3 Main GLBA Rules".

1. Financial Privacy Rule

The GLBA Financial Privacy Rule "requires financial institutions to provide particular notices and to comply with certain limitations on disclosure of nonpublic personal information." Nonpublic personal information (NPI) is the GLBA's own term; in practice it covers most of what is usually called PII, such as names, account numbers, balances, and transaction history obtained through a financial product or service. Think of this rule as the one requiring financial institutions to explain to their customers what NPI they collect, with whom they share it, and how it is protected.

Under the Financial Privacy Rule, financial institutions must:

  • Provide customers with a clear notice of their privacy policies and practices when the customer relationship begins, and annually thereafter,
  • Describe in those notices the categories of affiliated and nonaffiliated third parties with whom NPI is shared,
  • Give consumers a reasonable way to opt out of having their NPI disclosed to nonaffiliated third parties, subject to the statutory exceptions (for example, sharing needed to process a transaction the consumer requested).

The Financial Privacy Rule also distinguishes "consumers" (anyone who obtains a financial product or service for personal use) from "customers" (consumers with a continuing relationship, who are entitled to the full initial and annual notices), and requires financial institutions to issue a revised notice before they disclose NPI in a way not covered by the notice previously given.

2. Safeguards Rule

Published in 2002 and significantly amended in 2021, the Safeguards Rule sets data security requirements for financial institutions under FTC jurisdiction. It enforces these by requiring each institution to develop, implement, and maintain a written information security program that describes how the company protects the security, confidentiality, and integrity of its customers' nonpublic personal information.

This written information security plan must include the following:

  • A designated "Qualified Individual" responsible for overseeing, implementing, and enforcing the program (the 2021 amendment replaced the original rule's "one or more employees" wording with this single accountable role),
  • A written risk assessment that identifies reasonably foreseeable internal and external risks to customer information wherever it is collected, stored, or processed,
  • Safeguards designed to control those risks, together with regular testing and monitoring of whether they actually work,
  • Periodic review and adjustment of the program as the business, its systems, and its risks change, so the plan always reflects how information is currently collected, stored, and used.

The Safeguards Rule therefore forces financial institutions to take a hard look at how they handle private data and to perform a risk assessment of their current processes. Practitioners should also note that the 2021 amendment (in force since June 2023) turned several formerly general expectations into explicit requirements, including access controls, an inventory of data and systems, encryption of customer information in transit and at rest, multi-factor authentication for anyone accessing information systems, secure disposal of customer information no later than two years after its last use unless retention is required, logging and monitoring of user activity, either continuous monitoring or annual penetration testing plus vulnerability assessments at least every six months, a written incident response plan, and an annual written report to the board or a senior officer. A further 2023 amendment requires notifying the FTC within 30 days of discovering a breach of unencrypted customer information affecting at least 500 consumers.

3. Pretexting Rule

"Pretexting" is a form of social engineering in which someone tries to obtain customer information from a financial institution, or from the customer directly, by false pretenses: impersonating the account holder, a regulator, or a colleague, or using forged or stolen documents. The GLBA's pretexting provisions make this illegal, and the institution is expected to guard against it. In practice that means training employees to verify a requester's identity before disclosing anything, and regularly testing that they recognize, refuse, and report phishing and phone-based pretexting attempts.

If you’re concerned about pretexting in your company, then you’ll find everything needed to create the Perfect Employee Training here.

Data Responsibility

Alongside its three primary components, the GLBA also requires financial institutions to designate what the Safeguards Rule now calls a "Qualified Individual" (often referred to as a Data Officer or security officer). This person is tasked with overseeing, implementing, and enforcing the company's information security program.

Implementing such a program can be a monumental task, especially for large companies, which often create an entire department to cover data security. However, it's important to note that the amended Safeguards Rule requires each financial institution to identify a single individual who is ultimately responsible for the entire program.

That person must possess qualifications appropriate to the size and complexity of the institution. The Qualified Individual may be an employee, an employee of an affiliate, or a service provider, but in the latter cases the institution itself remains responsible for compliance and must designate a senior member of its own staff to direct and oversee the outside party.

Other Notable GLBA Requirements

Become GLBA Compliant

The GLBA is a complex regulation, enforced by the FTC and, for banks, credit unions, and securities firms, by their respective federal regulators. Fines are widely cited as reaching up to $100,000 per violation for the institution, with separate penalties for responsible officers and directors. Beyond the penalties, protecting your customers' NPI is both the right thing to do and good for your corporate reputation.

That’s why PII Tools helps companies manage GLBA compliance with 360° data discovery, automated scanning, 99+% accuracy, in-house audits, and more. And if the worst should happen, PII Tools even provides comprehensive Data Breach Incident management.

So, do what’s best for your company, customers, and data security by achieving GLBA compliance today!

Are You Up-To-Date on GLBA Compliance? Let PII Tools Data Discovery Software do the Heavy Lifting!