GLBA Cybersecurity Compliance
The Gramm-Leach-Bliley Act, known by the acronym GLBA, is also called the Financial Modernization Act of 1999. It was passed by Congress as a means of controlling ways in which financial institutions handle and deal with individuals’ private information.
For the purposes of the law, “financial institutions” means any firm involved in any financial activities. This includes everything from banks and mortgage lenders to automobile dealers.
Threatcare — the leader in proactive cyber defense — enables companies to validate their security. If a company must abide by GLBA, they must verify that individuals’ private information is secure.
Generally speaking, if your business deals in loans of any kind, collection of debt, real estate settlement or providing financial advice, then it’s very likely that GLBA applies to you.
Protecting information is important; many companies verify their security with Threatcare’s Violet Platform, a Breach and Attack Simulation (BAS) Technology. Next-gen vulnerability assessments through simulation should be a regular practice at companies of all sizes — especially ones required to meet legal compliance standards. Is your companies GLBA cybersecurity compliance currently meeting standards?
The Act features three sections:
- The Financial Privacy Rule: This section regulates collection, dissemination/disclosure of a person’s private financial information
- The Safeguards Rule: It directs financial institutions to adopt and implement certain security programs for the protection of private information
- The Pretexting provisions: These ban the practice of pretexting (gaining access to private data using false pretenses)
In addition, the GLBA also instructs financial institutions to provide customers with written privacy notifications explaining the firm’s practices on sharing information. So in other words, part of complying with the law is financial institutions telling customers how their sensitive, private information is shared, which customers can opt-out of if they prefer that their private information not be shared with third parties.
GLBA compliance is beneficial in a number of ways. For example, compliance reduces a financial firm’s risk of accruing penalties imposed by regulatory agencies, while helping firms limit damage to their reputations via unauthorized sharing of private customer data.
Customers also benefit from GLBA compliance. They are assured their data is secure against unauthorized access, and they must be notified in writing of any private sharing of information with other financial institutions and third parties.
In addition, user activity of data must also be tracked, and that includes any attempts by firms to gain access to private data that is protected.
Compliance with the Financial Modernization Act helps build customer confidence, consumer reliability and trust. Customers have assurances that their data is protected by the financial firm, and such safety and security requirements can also bolster customer loyalty which results in repeat business, reputation boost and other benefits.
Is your company using Threatcare to verify proper GLBA cybersecurity compliance standards?