Also known as the Financial Modernization Act, GLBA stands for the Gramm-Leach-Bliley Act - a law that requires financial institutions in the US to protect non-public personal information (NPI).
It was brought in to help safeguard the privacy of customers, and since 1999 those in the financial sector, such as banks, insurance companies, and fintech businesses, have had to adhere to it.
Companies need to tell their customers how they share their sensitive data, let them know that they’re able to opt out of their data being shared with third parties, and ensure they’re aligned with a clear information security plan.
A revised Safeguards Rule comes into force on June 9th, 2023, setting out further recommendations for keeping customer data safe.
NPI stands for Nonpublic Personal Information and covers a multitude of data that is typically not available to the public. NPI can include:
Under GLBA, financial institutions must comply with three key elements:
1. Privacy Rule: The Privacy Rule states that financial institutions must keep their customers informed about their privacy practices and give them the opportunity to opt out of sharing their personal information with third parties.
2. Safeguards Rule: The Safeguards Rule requires financial institutions to develop information security programs to protect customer information effectively. That could include risk assessments, putting safeguards in place to control risks, regularly testing the effectiveness of the safeguards, and training employees on security procedures. One person must take ownership of this plan and it must be regularly reviewed.
The company’s third parties must also put systems in place to protect customer information so they do not pose a threat to the data.
3. Pretexting Provisions: As tactics from malicious actors become more sophisticated, GLBA includes requirements for businesses to prevent pretexting. Those in the financial sector need to ensure sensitive data is locked down and unable to be accessed by those who aren’t authorised to view it.
The Federal Trade Commission (FTC), together with the Office of the Comptroller of the Currency (OCC) and the Federal Reserve, ensures that companies are complying with GLBA.
You could face financial losses such as fines, as well as reputational damage. It’s not just at the company level either - individuals who violate GLBA could face up to five years in prison.
Financial penalties include:
Sheree Buller Lim, Head of Product at Metomic says, “Metomic can help companies ensure their compliance with GLBA in a number of ways:
There are three main features of Metomic that can help you ensure compliance with GLBA:
And the best part is that you can do all of it from one platform.
Want to try it for yourself? We offer a free risk audit for your business. Just fill out the form here to let us know you’re interested and we’ll be in touch soon: https://metomic.io/contact-us