GLBA
The Gramm-Leach-Bliley Act
Overview
GLBA was enacted, in part, to allow financial services institutions to consolidate. Prior to GLBA, banks, securities firms, and insurance companies were required to remain separate as per the Glass-Steagall Act of 1933.
In addition to repealing the Glass-Steagall Act, GLBA includes requirements for financial services institutions to protect consumers' "nonpublic personal information". This is provisioned through the "Financial Institutions Safeguards" section in GLBA that requires institutions to implement safeguards to achieve the following:
- to insure the security and confidentiality of customer records and information
- to protect against any anticipated threats or hazards to the security or integrity of such records
- to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer
GLBA tasks a number of federal agencies with enforcement of GLBA. In addition to enforcement, GLBA requires that these agencies establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards. Some examples of governing bodies that have created a "Safeguards Rule" in accordance with section 501(b) of GLBA include:
- FFIEC (Federal Financial Institutions Examination Council)
- FTC (Federal Trade Commission)
- NCUA (Part 748) (National Credit Union Administration)
- SEC (Regulation S-P) (Securities and Exchange Commission)
References
- GLBA
- FFIEC
- Federal Reserve System (FRB)
- Federal Deposit Insurance Corporation (FDIC)
- National Credit Union Administration (NCUA)
- Office of the Comptroller of the Currency (OCC)
Industry
Financial Services Institutions
- Banks
- Credit Unions
- Lending Houses
- ...and more
How secure is your organization?
Speak with an information security expert to find out.
Consultation