GLBA Compliance

What is GLBA Compliance?


The Gramm-Leach-Bliley Act (GLBA) is an act of Congress that was put in place in 1999 to repeal the Glass-Steagall Act of 1933. GLBA is also referred to as the Financial Services Modernization Act of 1999. While GLBA has many stipulations, two primary areas cover information security requirements: the Privacy Rule and the Safeguards Rule.

Do I need to Comply with GLBA?

The FTC Safeguards Rule applies to many organizations that receive nonpublic information (NPI). A few examples are listed below:

  1. Banking Financial Institutions
  2. Insurance Companies
  3. A retailer that issues its own credit cards
  4. An automobile dealership that leases automobiles
  5. A personal property or real estate appraiser
  6. In some cases, financial professionals
  7. A business that prints or sells checks
  8. Any business that wires money to and from customers
  9. Any check cashing business
  10. Accountants and tax preparation service companies
  11. Travel agencies
  12. Real estate settlement services
  13. Mortgage Brokers
  14. An investment advisory company or credit counseling service
  15. Companies that bring buyers and sellers together
  16. Higher Education institutions that receive federal student aid under Title IV of the Higher Education Act of 1965.

What can happen if you don't comply with GLBA?

There are a number of enforcement bodies within the United States. The FTC and the federal banking agencies are the most common enforcement agencies. Other enforcement agencies can be the State Attorney General, the State Insurance Commissioners, or the Consumer Financial Protection Bureau. The Office of the Comptroller of the Currency and the Securities and Exchange Commission are also enforcement bodies.

The enforcement bodies may issue large fines. They may also issue consent orders that require security controls. The Consumer Financial Protection Bureau (CFPB) provides the latest enforcement actions on its website:

GLBA Compliance – CFPB Enforcement Action Website

Company Strengths at a glance

Our Strong Points

Cyber Security Services (CSS) assists financial institutions, banks, credit unions, lending companies, higher education, and government organizations. We understand the requirements of GLBA compliance better than most due to the many hats that we wear. Here is how we help companies maintain GLBA compliance:

  • GLBA Risk Assessments
  • GLBA Gap Assessments
  • Virtual CISO and Risk Services
  • GLBA Policy Review
  • Security Awareness Training
  • Vendor Risk Assessments
  • Penetration Testing
  • Vulnerability Assessments
  • Encryption Solutions
  • Information Security Strategic Plans
  • Inventory of Assets
  • GLBA Data Classification Services

Risk and Compliance

At CSS, we help with your Risk and Compliance programs. We also set up standards that make sense for your industry. If a program already exists, we piggyback off of what you are currently doing and make adjustments as needed.

Threat Protection and Response

We understand that a vCISO is focused on strategic risk and compliance objectives throughout the year, but some organizations require hands-on cybersecurity expertise. Our team of professionals is ready to jump in where you need us the most. Our experts are assigned based on your specific needs.
