The Gramm-Leach-Bliley Act, known to many simply as GLBA, repealed provisions of the 1933 Glass-Steagall Act, but it also contains a number of important mandates relating to regulatory compliance in the financial services world. Specifically, the "Financial Privacy Rule", "Safeguards Rule" and "Pretexting Protection" provisions within GLBA created strict requirements for privacy and for protecting and disclosing various types of information, along with other measures.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850 pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Financial Privacy Rule | GLBA | Gramm Leach Bliley
For organizations offering financial products or services to consumers, certain regulatory compliance guidelines relating to privacy notices and information disclosure practices regarding consumers' information must be met, with no exceptions. As a result, banks, securities firms - just to name a select few - and other financial institutions are required to make these disclosures to both their customers and consumers.
Please note that for purposes of GLBA compliance, a "financial institution" is an organization that's "significantly engaged" in "financial activities", such as offering individuals products and services like loans, financial and investment advice, insurance, etc.
Some common examples of "financial institutions" include mortgage lenders, credit counseling services, and collection agencies, along with a laundry list of other entities. Simply stated, if your organization provides services to "customers" and "consumers" that involve a financial product or service, then it's highly likely GLBA compliance is a must. And if you're curious, a "consumer" is defined as someone who obtains or has obtained financial products or services from an actual financial institution, where those products or services are used primarily for personal, family, or household purposes, or that individual's legal representative. As for a "customer", that is a "consumer" who has a "continuing relationship" with a financial institution.
Safeguards Rule | GLBA | Gramm Leach Bliley
The Safeguards Rule requires that financial institutions have an adequate security plan in place for protecting the confidential information of consumers. This "security plan" ultimately requires procedures for properly disposing of consumer report information, along with general guidelines for ensuring compliance with the privacy provisions within GLBA.
Pretexting | GLBA | Gramm Leach Bliley
As for Pretexting Protection, this ultimately requires that safeguards be in place to protect against "pretexting", which can include any type of deliberate attempt to gain access to private information that an individual is explicitly not allowed to access.
GLBA Security Policies and Procedures are a Must for Compliance
These are, without question, stringent requirements for financial institutions, so organizations must have documented policies and procedures in place for GLBA compliance. These can be obtained by purchasing the Global Information Security Compliance Packet (GISCP) set of operational, business specific, and information security policies and procedures from Flat Iron Technologies, LLC.