The Gramm-Leach-Bliley Act (GLBA) is an act of Congress that was put in place in 1999 to repeal the Glass-Steagall Act of 1933. GLBA is also referred to as the Financial Services Modernization Act of 1999. While GLBA has many stipulations, two primary areas cover Information Security requirements: the Privacy Rule and the Safeguards Rule.
The FTC Safeguards Rule applies to many organizations that receive nonpublic information (NPI). A few examples are listed below:
There are a number of enforcement bodies within the United States. The FTC and federal banking agencies are the most common enforcement agencies. Other enforcement agencies include the State Attorney General, the State Insurance Commissioners, and the Consumer Financial Protection Bureau. The Office of the Comptroller of the Currency and the Securities and Exchange Commission are also enforcement bodies.
The enforcement bodies may issue large fines. They may also issue consent orders that require security controls. The Consumer Financial Protection Bureau (CFPB) provides the latest enforcement actions on its website:
Cyber Security Services (CSS) assists financial institutions, banks, credit unions, lending companies, higher education, and government organizations. We understand the requirements of GLBA compliance better than most due to the many hats that we wear. Here is how we help companies maintain GLBA compliance:
At CSS, we help with your Risk and Compliance programs. We also set up standards that make sense for your industry. If a program already exists, we build on what you are currently doing and make adjustments as needed.
We understand that vCISO is focused on strategic risk and compliance objectives throughout the year, but some organizations require hands-on cybersecurity expertise. Our team of professionals is ready to jump in where you need us the most. Our experts are assigned based on your specific needs.