What is GLBA?

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States. It helps define and control how financial organizations handle and destroy the private information of individuals. GLBA also requires financial institutions to give customers written privacy notices that explain how they share those individuals’ sensitive data and inform customers of their right to opt-out if they prefer that their personal data not be shared with third parties.

As part of the implementation of GLBA, the Federal Trade Commission issued the Safeguards and Privacy Rules, which require financial institutions to design, implement, and maintain an information security program to protect the privacy and integrity of nonpublic customer information. Through administrative, technical and physical safeguards, GLBA programs must do the following:

  • Ensure the security and confidentiality of customer records and information
  • Protect against any anticipated threats or hazards to the security or integrity of customer records
  • Protect against unauthorized access to or use of customer records or information, which could result in substantial harm or inconvenience to the customer

Maintaining GLBA compliance is critical for any financial organization, as violations can be both costly and detrimental to continued operations. Passing a GLBA risk assessment means that organizations can demonstrate the presence of the required security controls and privacy procedures needed to protect customer records.

DirectDefense Assists Customers in Identifying Gaps Between Their Current GLBA Compliance Program and the GLBA Guidelines

Our GLBA services include:

  • GLBA Safeguards Rule Gap Assessment
    • Utilizes FFIEC Information Technology Examination Handbook as a reference

  • GLBA Privacy Rule Review
  • Security Testing
  • Developing Required Documentation
    • Information Security Plan
    • Risk Management Program
    • Applicable Policies and Procedures