The Gramm-Leach-Billey Act (GLBA or the Act) requires financial institutions to submit and explain their information-sharing practices to their customers. It also requires financial institutions and financial product providers to protect sensitive data by developing a written security plan under the Safeguards Rule.

It is critical that financial institutions adhere to protecting this data to prevent unauthorized use, distribution or any other illegal access to this non-public customer information. Customers not only value their privacy, but they are entitled to it when submitting confidential data to a financial institution.

Refer to our Essential Guide to GLBA Compliance.

Section 501(b) of the GLBA lays out the responsibilities of financial institutions, relating to administrative, technical, and physical safeguards:

  • The financial institution ensures the security and confidentiality of the customer’s records and information.
  • The financial institutions protects against any threats to the security or integrity of the customer’s records.
  • The financial institution uses all possible safeguards to prevent unauthorized access to the customer’s private information.

What Types of Businesses Fall Under the Heading of “Financial Institutions” and Benefit from the GLBA?

Many businesses may not consider themselves financial institutions in the traditional sense, but they may want to reconsider their position, when it comes to the Safeguard Rules. What many business owners may not fully understand is that any business that is “significantly engaged” in distributing financial services or products is responsible for adhering to the Safeguards Rule. Anyone in doubt about their business should consult a knowledgeable GLBA auditor.

It may help to view a list of companies that clearly, and not so clearly, fall under this category to ensure full compliance to protect consumers’ data and business owners’ reputation:

  • Banks or other traditional financial institutions,
  • Hedge funds and credit unions,
  • Insurance companies,
  • Payday lenders, check-cashing and wire transfer businesses,
  • Brokerages and mortgage lenders,
  • Non-bank lenders, creditors, and loan providers,
  • Personal property or real estate appraisers,
  • Real estate settlers,
  • Retailers that issue their own branded credit cards,
  • Financial advisors and planners,
  • Accountants and tax preparers,
  • Debt collection and debt consolidation organizations,
  • Credit reporting agencies,
  • Stockbrokers,
  • ATM operators that receive consumer information from other financial institutions,
  • Colleges and universities.

What Are Some Key Facts About GLBA All Financial Institutions Should Know?

There are some key pieces of information that everyone should always keep in mind about the GLBA, including:

  • While GLBA covers a wide range of businesses, not all businesses need to comply with the Act.
  • Businesses should continually monitor for GLBA compliance and note any issues right away.
  • Business owners need to monitor third-party providers’ adherence to GLBA.
  • Destruction of data that is no longer needed is the best course for businesses.
  • IT managers should assign one or more employees to head up the information security plan.
  • Regularly testing for GLBA compliance is the best way to stay in compliance.
  • The security plan must be designed and implemented according to the size and complexity of the organization and its volume of data. The plan must also consider the nature of the business’s activities and the sensitivity of the customers’ data.

Each company is unique and can follow its own path toward compliance as long as it is, at the time of an official audit, compliant.

Compliance questions? Get answers!

Book a free 30-minute consultation with a specialist to find your path to compliance. Secure your spot today.


Why Is the GLBA Audit So Invaluable to Consumers and Financial Institutions?

A GLBA audit helps IT teams unearth simmering problems with their information security plan, giving them a chance to course-correct before a cyber-criminal has the chance to use the most minute vulnerability to their advantage. When working with a professional GLBA auditor, IT professionals will receive guidance and gap analysis to reach GLBA compliance. The auditor reviews the written information security plan to help refine it to thoroughly protect consumers’ records.

Who Can Help You with Your Upcoming GLBA Audit?

At I.S. Partners, LLC., our GLBA auditors can easily help your IT team find the best strategies toward consistent and continual compliance with GLBA and the Safeguards Rule. We will help you provide all the necessary information for your GLBA audit that explains your information-sharing plan that focuses on protecting your valued customers’ sensitive confidential data. Our Seal of Excellence provides transparency to your customers, as far as your compliance and their ability to opt out if they do not want you to share their personal information with certain third-parties.

If you need help designing your written information security plan, you need help determining whether you need to comply with GLBA and Safeguard Rules, or if you need a professional GLBA auditor to take over the reins of your next audit, send us a message or call us at 215-675-1400. We would love to learn more about your business and your needs!

About The Author

Get started

Get a quote today!

Fill out the form to schedule a free, 30-minute consultation with a senior-level compliance expert today!

Analysis of your compliance needs
Timeline, cost, and pricing breakdown
A strategy to keep pace with evolving regulations

Great companies think alike.

Join hundreds of other companies that trust I.S. Partners for their compliance, attestation and security needs.

Scroll to Top