As a reputable financial institution in the U.S., your compliance with the Gramm-Leach-Bliley Act (GLBA) is vital. Per GLBA provisions, it’s essential you comply with the Federal Trade Commission (FTC) standards for sharing and protecting the non-public personal information (NPI) of your consumers and customers. Failing to meet the compliance requirements for GLBA risks damage to your brand and reputation, as well as severe fines and judicial action.
What is GLBA?
GLBA, also known as the Financial Modernization Act of 1999, is a U.S. consumer protection law. It focuses on protecting sensitive information, such as addresses, names and credit histories, that consumers and customers provide to financial institutions, such as banks and financial planners. As a part of GLBA compliance, financial organizations must notify customers about how they share NPI, as well as inform consumers of their right to request that their data remain unavailable to unaffiliated third parties.
Who GLBA Compliance Applies to
If you’re curious about whether GLBA standards apply to your organization, you should know that the following actions often mandate GLBA compliance:
- Collecting debts as a service
- Offering real estate settlement services
- Providing career counseling to financial service professionals
- Delivering investment, economic or financial advice services
- Brokering or servicing loans
- Lending, transferring, investing or exchanging funds as a service
In some instances, such as if the above financial activities are a minimal component of your company’s operations, you may be exempt from these FTC regulations.
What are GLBA Compliance Requirements?
As a part of GLBA compliance, you’re mandated to meet the following requirements:
- The Financial Privacy Rule: The first item on your GLBA compliance checklist should be the Financial Privacy Rule. The point of this regulation is that you provide the appropriate notices of your privacy policies and practices to consumers, which are defined as individuals using your product or service for personal applications. You’ll also need to offer consumers the option to opt in or out of having their NPI disclosed to non-affiliated third parties.
- The Safeguards Rule: This regulation is why GLBA compliance and cybersecurity are often mentioned together. The Safeguards Rule requires applicable financial institutions to implement policies for securing customer information; customers are defined as individuals who maintain an ongoing relationship with your organization. As a part of this GLBA compliance requirement, you’ll also need to ensure that your affiliates and service providers maintain an NPI protection plan.
- The Pretexting Provisions: Another GLBA standard that involves cybersecurity is the Pretexting Provisions, which direct financial institutions to develop safeguards against pretexting, also known as social engineering. To comply with this regulation, organizations typically develop a written plan for monitoring account activity, as well as for training staff who might otherwise disclose NPI to a fraudulent entity.
How to Attain GLBA Compliance
If you’re required to comply with this FTC standard, a critical item on your GLBA compliance checklist will be your cybersecurity program. Because of the Safeguards Rule and Pretexting Provisions, you’ll need a cybersecurity solution that provides comprehensive monitoring, event logging and log management, as well as an infrastructure that’s compliant with GLBA. Developing a solution like this in-house is often cost-prohibitive, which is why many companies partner with BlackStratus.
At BlackStratus, we provide a secure and cloud-based solution for GLBA compliance — CYBERShark™. With CYBERShark, your company can generate GLBA-compliant reports with ease, as well as monitor and remediate customer accounts and malicious activity around-the-clock, ensuring your organization delivers reliable service to your customers and consumers.
Discover the complete features of CYBERShark with a free demo today.