What is GLBA Compliance?

Financial institutions handle and store large volumes of their customers' sensitive data. At a time when the number of cyberattacks keeps increasing, how can customers be sure that their data is in safe hands?

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, requires financial institutions to explain how they share and protect their customers' private information. Financial companies must keep a detailed record of where and how each customer's data is shared, and customers must be informed of this. Customers have the option to refuse to have their data shared with any third-party entity. Financial institutions are also required to secure all such data against unauthorized access, and any user activity involving these data sets must be authorized and rigorously monitored.

Following these rules and complying with GLBA policies brings financial organizations privacy and safety benefits and reduces the risk of losing sensitive customer data. It also increases customer trust and helps build brand credibility.

What information does GLBA protect?

GLBA protects all forms of non-public personal information (NPI) about customers. Examples of data that fall under the umbrella of NPI include:

  • Income details
  • Social Security Numbers
  • Credit Information
  • Bank account numbers
  • Transaction details
  • Phone Numbers
  • Addresses
  • Names

What are the main facets of GLBA?

Financial Privacy Rule: It requires every financial institution that deals with customer data to provide customers with a written privacy notice that details the information the institution holds about them, how it intends to use that information, and the level of protection it will receive. This notice must be updated annually.

Safeguards Rule: This rule pertains to protecting NPI and developing strategies that secure that information. Whenever the way customer data is collected, stored, or used changes, the safeguards must be updated to match.

Typically, an organization is expected to designate one or more employees to be in charge of its information security program, to identify risks to customer information periodically, and to raise an alarm whenever something is flagged. Employees who handle sensitive data must be supervised and trained on the information security plans and their implementation.

GLBA Penalties

If an institution is found to be in violation of GLBA, the ramifications can be significant. Common penalties include:

  • Financial institutions incur a fine of $100,000 for each violation
  • Individuals in charge of the information face fines of up to $10,000 for each violation and can also face jail time of up to 5 years

GLBA compliance is mandatory for the proper protection of customers' information. Given the current state of cybercrime, financial institutions must stay constantly alert and should invest in up-to-date technology that reduces the risk of information loss. To get a consultation, talk to a security expert at Netlabs Global today.