What is GLBA?
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, applies to any financial institution that gathers and uses consumers’ nonpublic privacy information (NPI). Under this U.S. federal law, financial institutions are required to disclose how they share and protect this type of private information. It is enforced by the FTC and federal banking regulators with the aim of preventing unauthorized use, distribution, or illegal access to customers’ nonpublic data.
To be compliant with the GLBA, financial organizations must meet the data security standards within the Safeguards Rule. Along with the FTC Privacy Rule, this framework requires institutions to have a written security plan and information security measures in place to protect the privacy of customers and consumers. In accordance with their individual security plan, organizations must inform their customers about how they share the customers’ sensitive data with third parties and about their right to opt out, and must implement the protections outlined for customers’ private data.
What Types of Organizations Must Comply with GLBA Standards?
Financial institutions that must abide by the Gramm-Leach-Bliley Act may engage in significant financial activities. This often includes providing loans, performing debt collection, giving investment advice, offering real estate settlement services, or providing other financial services.
What Are the Advantages of GLBA Compliance?
When it comes to security and privacy, regulatory compliance builds trust among customers and stakeholders. Demonstrating conformity with GLBA decreases the risk of data breaches, damage to the company’s reputation, and hefty fines. In fact, financial institutions found in violation of GLBA regulations can be fined up to $100,000 for each incident of non-compliance.
How Does I.S. Partners Assist Us in Meeting GLBA Compliance Requirements?
At I.S. Partners, LLC, we take the anxiety out of the process by providing comprehensive compliance auditing for information security. First, we evaluate current policies and procedures by performing a readiness assessment. Then, our team checks internal controls and policies to see if they effectively keep nonpublic privacy information safe and secure. We also run a gap analysis to identify issues and provide recommendations for enhancing GLBA compliance.