Gramm-Leach-Bliley Act (GLBA) Security Compliance
Among other changes to financial laws, the Gramm-Leach-Bliley Act created important new regulations designed to protect the private financial information of consumers. The law instructs financial institutions to secure and protect private information from unauthorized use or access. It also updates the practices and policies by which individual consumers control the use of such data. GLBA was signed into law in 1999 with full compliance required by July 1, 2001.
GLBA affects U.S. financial institutions such as banks, credit unions, securities brokerages, and insurance firms. Companies providing other types of financial products and services to consumers are also affected, including: lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts, and so on.
Title V of GLBA requires:
- The privacy of nonpublic personal information (Financial Privacy Rule). "Each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information." The Financial Privacy Rule provides for a privacy policy agreement between the company and the consumer pertaining to the protection of the consumer's personal nonpublic information.
- The establishment of customer financial data protection measures (Safeguards Rule). "Each agency or authority ... shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards --
  - to insure the security and confidentiality of customer records and information;
  - to protect against any anticipated threats or hazards to the security or integrity of such records; and
  - to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer."
While most financial services firms are informing their customers of the company's privacy policy, few have the strong data protection measures in place to secure the personal information.
The Safeguards Rule requires companies to develop a written information security plan that describes their program to protect customer information. The FTC explicitly notes that part of the plan should include "encrypting sensitive customer information when it is transmitted electronically via public networks."
The GLBA gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. Non-compliance with GLBA can result in a variety of fines and up to 5 years imprisonment for each violation.
Violation of the GLBA may result in a civil action brought by the United States Attorney General. A 2003 amendment to the act specified that (1) "the financial institution shall be subject to a civil penalty of not more than $100,000 for each such violation," and (2) "the officers and directors of the financial institution shall be subject to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation."
When you need to encrypt your data in motion, CipherOptics makes it easy. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today's networks.
Our solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost. CipherEngine gives you the power to protect data in motion wherever, however and whenever you want, without changes or disruptions to your network, your infrastructure, or your operations.
To see just how easy it can be to comply with the Gramm-Leach-Bliley Act, call 1-877-878-6655 or feel free to ask us a question.