
What Is the Gramm-Leach-Bliley Act (GLBA)?


As our world becomes more and more digital, we store an increasing amount of sensitive information online. This is why government laws and regulations are constantly being updated and enacted to protect consumers’ information. One of these laws is the Gramm-Leach-Bliley Act (GLBA).

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a United States federal law that repealed the Glass-Steagall Act of 1933. GLBA was passed by Congress in response to the changing nature of the financial services industry, which had seen a dramatic increase in the number of mergers and acquisitions between banks, securities firms, and insurance companies.

The GLBA requires financial institutions to disclose their information-sharing practices to their customers and to take steps to protect the non-public personal information of their customers. The GLBA also imposes restrictions on sharing certain customer information between financial institutions and non-affiliated third parties.

There are three main categories of protection:

  • The Financial Privacy Rule: This rule requires financial institutions to provide customers with a privacy notice that explains what information is collected about them, how it is used, and what steps are taken to protect it. See 16 CFR Part 313.
  • The Safeguards Rule: This rule, as the name suggests, requires financial institutions to take steps to protect customer information from unauthorized access or theft. This may include physical, electronic, and procedural safeguards. See 16 CFR Part 314.
  • The Pretexting Rule: This rule prohibits financial institutions from sharing customer information with third parties unless the customer has been given the opportunity to opt out or has specifically consented to the sharing. See 15 USC § 6821.

On October 27, 2021, the Federal Trade Commission (FTC) finalized a rule to amend the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule and the Privacy Rule. The intentions of the update were to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

What Businesses Does GLBA Cover?

The law defines financial institutions as companies that offer products and services that are “financial in nature.” The GLBA applies to any financial institution subject to the jurisdiction of the federal banking agencies, the Securities and Exchange Commission, or the Commodity Futures Trading Commission.

These businesses can include:

  • Banks
  • Credit unions
  • Securities firms
  • Insurance companies
  • Auto dealerships
  • Mortgage brokers
  • Tax preparers

What Types of Data Does the Gramm-Leach-Bliley Act Protect?

The GLBA applies to any type of customer information used to identify an individual. Non-public personal information (NPI) is a key concept in the GLBA. NPI is any information about an individual that is not publicly available and that can be used to identify that individual.

Examples of NPI include:

  • Social Security Numbers
  • Driver’s License numbers
  • Bank account numbers
  • Credit card numbers
  • Home address
  • Birthdate

Complying with GLBA regulations can be challenging for companies, especially those not used to handling customer data. However, complying with these regulations will put your organization at a lower risk for privacy issues.

Non-compliance with GLBA requirements can result in the following:

  • A civil penalty of up to $100,000 per violation
  • Individuals in charge of compliance may be subject to criminal penalties of up to $10,000
  • Individuals who knowingly and willfully violate the GLBA may be subject to imprisonment of up to five years

How Can Organizations Become GLBA Compliant?

Compliance with government regulations like the Gramm-Leach-Bliley Act (GLBA) is more important than ever for businesses in the financial services industry. Gaining a thorough understanding of the Safeguards Rule is an important step in becoming GLBA compliant because this rule focuses on the confidentiality and security of customer information.

To comply with the Safeguards Rule, businesses must do the following:

  • Designate an employee or employees to oversee the development and implementation of the security program
  • Conduct a risk assessment to identify potential threats or hazards to customer information
  • Develop and implement policies and procedures to address the risks identified in the risk assessment
  • Train employees on the security program and policies and procedures
  • Test the security program to ensure that it is effective

Getting and staying GLBA compliant can seem difficult and daunting for financial institutions. You take pride in protecting your customers’ data, but it can be hard to keep up with the ever-changing compliance landscape. That’s where managed IT comes in. Managed IT providers can help you meet GLBA compliance standards and exceed them. By working with a managed IT provider, you can have peace of mind knowing that your customers’ data is always safe and secure.

Thrive Can Help With GLBA Compliance

Thrive offers premier managed IT services that can help financial institutions in Miami and Fort Lauderdale comply with the Gramm-Leach-Bliley Act. Our network security services include, but are not limited to:

  • Penetration Testing
  • Firewall Management
  • Intrusion Detection and Prevention
  • Vulnerability Management
  • Web and Email Filtering
  • Security Assessments
  • Malware Protection

We understand how complex and time-consuming it can be for financial institutions to keep up with the latest compliance regulations. This is why our team of IT experts will work closely with you to ensure that your IT infrastructure is secure and compliant.

We will take the following steps to secure your IT infrastructure:

  • Perform a comprehensive security assessment of your current IT infrastructure
  • Identify any vulnerabilities and potential risks
  • Implement the necessary security measures to mitigate those risks
  • Regularly monitor your IT infrastructure for any changes or new risks

Your technology should not be a roadblock to growth but a strategic asset that helps you meet your business goals. With our managed IT services, you can focus on your core competencies while we take care of the rest. We take the time to learn about your business from top to bottom to provide you with the most comprehensive IT solution possible.

Please contact us if you would like to learn more about our managed IT services and how we can help your financial institution in Miami or Fort Lauderdale comply with the Gramm-Leach-Bliley Act. We look forward to hearing from you!