GLBA Compliance

What is GLBA compliance?

The Gramm-Leach-Bliley Act (GLBA) is an act of Congress that was put in place in 1999 to repeal the Glass-Steagall Act of 1933. GLBA is also referred to as the Financial Services Modernization Act of 1999. While GLBA has many stipulations, two primary areas concern information security requirements: the Privacy Rule and the Safeguards Rule.

Do I need to comply with GLBA?

The FTC Safeguards Rule applies to many organizations that receive non-public information (NPI). A few examples are listed below:

  1. Banking Financial Institutions
  2. Insurance Companies
  3. A retailer that issues its own credit cards
  4. An automobile dealership that leases automobiles
  5. A personal property or real estate appraiser
  6. In some cases, financial professionals
  7. A business that prints or sells checks
  8. Any business that wires money to and from customers
  9. Any check cashing business
  10. Accountants and tax preparation service companies
  11. Travel agencies
  12. Real estate settlement services
  13. Mortgage Brokers
  14. An investment advisory company or credit counseling service
  15. Companies that bring buyers and sellers together
  16. Higher Education institutions that receive federal student aid under Title IV of the Higher Education Act of 1965.

What can happen if you don't comply with GLBA?

There are a number of enforcement bodies within the United States. The FTC and federal banking agencies are the most common enforcement agencies. Other enforcement agencies include the State Attorney General, the State Insurance Commissioners, and the Consumer Financial Protection Bureau. The Office of the Comptroller of the Currency and the Securities and Exchange Commission are also enforcement bodies.

The enforcement bodies may issue large fines. They may also issue consent orders that require security controls. The Consumer Financial Protection Bureau (CFPB) provides the latest enforcement actions on its website:

GLBA – CFPB Enforcement Actions Website

 

How do we help you get to GLBA compliance?

  • GLBA Risk Assessments
  • GLBA Gap Assessments
  • Virtual CISO and Risk Services
  • GLBA Policy Review
  • Security Awareness Training
  • Vendor Risk Assessments
  • Penetration Testing
  • Vulnerability Assessments
  • Encryption Solutions
  • Information Security Strategic Plans
  • Inventory of Assets
  • GLBA Data Classification Services