The Gramm-Leach-Bliley Act (GLBA) is an act of Congress that was put in place in 1999 to repeal the Glass-Steagall Act of 1933. GLBA is also referred to as the Financial Services Modernization Act of 1999. While GLBA has many stipulations, two primary areas cover information security requirements: the Privacy Rule and the Safeguards Rule.
The FTC Safeguards Rule applies to many organizations that receive non-public information (NPI). A few examples are listed below:
There are a number of enforcement bodies within the United States. The FTC and the federal banking agencies are the most common enforcement agencies. Other enforcement agencies include the State Attorney General, the State Insurance Commissioners, and the Consumer Financial Protection Bureau. The Office of the Comptroller of the Currency and the Securities and Exchange Commission are also enforcement bodies.
The enforcement bodies may issue large fines. They may also issue consent orders that require security controls. The Consumer Financial Protection Bureau (CFPB) provides the latest enforcement actions on its website:
GLBA – CFPB Enforcement Actions Website