Gramm-Leach-Bliley Act (GLBA)

The Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act) (GLBA) includes provisions to protect consumers' personal financial information held by financial institutions. As part of its implementation of GLBA, the Federal Trade Commission (FTC) issued the Safeguards Rule under section 501(b), requiring financial institutions under FTC jurisdiction to secure customer records and information. 

The three main objectives of GLBA 501(b) are to:

GLBA Focus

Under GLBA, almost any organization that works with consumers’ money is considered a financial institution. Some inclusions are obvious (e.g., a bank, credit union or brokerage), but there are many less obvious ones as well.

Some examples from the FTC include:

In addition to the direct providers of those services, any organization that receives data from those providers must also comply with GLBA requirements. The FTC uses an extremely broad definition of the term "financial institution" for the purposes of GLBA.

GLBA Compliance - Safeguards Rule

The Safeguards Rule, which went into effect in 2003, requires that included institutions take proactive steps to ensure the security of customer information. 

At a minimum, institutions must:

Compliance with the GLBA is a serious matter. Failure to comply has serious consequences for individuals and organizations found guilty.

Federal Financial Institutions Examination Council (FFIEC)

The Federal Financial Institutions Examination Council (FFIEC), comprised of examiners from many different regulatory bodies tasked with GLBA enforcement, has created an Information Security Handbook and an exhaustive set of tests to assess compliance with the Safeguards Rule, including over 20 specifically related to intrusion prevention and detection. 

The security process recommended by the FFIEC comprises five key areas:
