The Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) was enacted to protect the personal financial information of individuals that is held by financial institutions. There are three main parts to the privacy requirements: the Financial Privacy Rule, the Safeguards Rule and the pretexting provisions. The Federal Trade Commission defines these parts as follows.

The Financial Privacy Rule governs the collection and disclosure of customers' personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, who receive such information.

The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions, such as credit reporting agencies, that receive customer information from other financial institutions.

The Pretexting provisions of the GLBA protect consumers from individuals and companies that obtain their personal financial information under false pretenses, a practice known as "pretexting."

The GLBA's privacy protections regulate financial institutions and businesses that are engaged in banking, insuring, stocks and bonds, financial advice, and investing, as well as those businesses that receive personal financial information from financial institutions.

Companies that are non-compliant with the GLBA can face civil and/or criminal penalties. Officers and directors of these companies can be held personally responsible for violations.

To comply with the GLBA, the primary goal should be to secure the personal financial information of consumers. The GLBA requires organizations to follow mandated security standards and to implement safeguards against the unauthorized breach of confidential information. Safeguards should:

(1) insure the security and confidentiality of customer records and information;

(2) protect against any anticipated threats or hazards to the security or integrity of such records; and

(3) protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

Dynamic Computer Corporation’s Network Security Solutions practice can test the vulnerability of your network, provide remediation strategies, perform independent audits, provide business impact assessments to determine risk and offer social engineering to effectively train employees on how to maintain the security of personal financial information.