Quality, Expert-Derived Cybersecurity Documentation To Keep Organizations Secure, Compliant & Resilient - No AI Slop!
Secure Controls Framework
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cart
Start Here
Products
Bundles
Updates
Reasons To Buy
Certification Options
Home
FAQ
What is GLBA data?

What is GLBA data?

Direct Answer

The term “GLBA Data” refers to Nonpublic Personal Information (NPI) collected by financial institutions about their customers, protected under the Gramm-Leach-Bliley Act (GLBA).

NPI includes details such as:

  • Names;
  • Addresses;
  • Social Security Numbers (SSNs) or taxpayer IDs;
  • Financial account numbers;
  • Income;
  • Credit histories;
  • Transaction histories; and
  • Nonpublic financial profiles

The three (3) main objectives of GLBA 501(b) are to:

  • Ensure the security and confidentiality of customer records and information;
  • Protect against any anticipated threats or hazards to the security or integrity of such records; and
  • Protect against unauthorized access or use of such records or information which could result in substantial harm or inconvenience to any customer.

In addition to the direct providers of those services, any organization that receives data from those providers must also comply with GLBA requirements. The FTC uses an extremely broad definition of the term "financial institution" for the purposes of GLBA. In accordance with GLBA, almost any organization that works with consumers’ money is considered a financial institution. Some inclusions are obvious (e.g. bank, credit union or brokerage). However, there are many less obvious inclusions as well. Examples include:

  • Preparers of income tax returns;
  • Consumer credit reporting agencies and credit counseling services;
  • Real estate transaction settlement services; and
  • Debt collection agencies.
Keep Exploring

Relevant ComplianceForge Resources

References

Authoritative Sources