Network Encryption from CipherOptics
 
 
 
   



Gramm-Leach-Bliley Act (GLBA) Security Compliance

GLBA is designed to protect the private financial information of consumers. The law instructs financial institutions to secure and protect private information from unauthorized use or access and updates the practice and policies for individual consumers to control the use of such data. GLBA was signed into law in 1999 with full compliance required by July 1, 2001.

How does CipherOptics help?
CipherOptics CipherEngine enables Secure Information Sharing, which assures the confidentiality, authenticity, and integrity of data in motion on any network. Our approach to protecting both your network and your data is to deny access to everyone, permit by exception. With that as our driving force, our solutions provide you with both encryption and authentication of all your critical information.

We use 256-bit AES encryption that is approved by the government for "sensitive but unclassified" information. Our solutions authenticate networks and packets as well as protect data, using the robust secure hash algorithm (SHA-1) to verify the integrity of the data and rejecting any packets that have been manipulated or altered.

CipherEngine offers a reliable and proven method of meeting GLBA requirements for data confidentiality, integrity, and authentication. These capabilities are an essential part of best practices to meet GLBA compliance.

What does CipherOptics do?
CipherOptics is the leader in network-wide encryption. Offering an innovative policy and key management solution, coupled with high-speed, low-latency encryption technology, CipherOptics helps its customers mitigate the risk of data leakage, loss, and theft over any network.

Who is affected by GLBA?
GLBA's requirements affect U.S. financial institutions such as banks, credit unions, securities brokerages, and insurance firms. Companies providing the following other types of financial products and services to consumers are also affected: lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts, and so on.

What are the requirements of GLBA?
Title V of GLBA requires:
  • The privacy of nonpublic personal information (Financial Privacy Rule). "Each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information." The Financial Privacy Rule provides for a privacy policy agreement between the company and the consumer pertaining to the protection of the consumer’s personal nonpublic information.
  • The establishment of customer financial data protection measures (Safeguards Rule). "Each agency or authority ... shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards--
    1. to insure the security and confidentiality of customer records and information;
    2. to protect against any anticipated threats or hazards to the security or integrity of such records; and
    3. to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer."

What are the penalties for GLBA non-compliance?
The GLBA gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. Non-compliance with GLBA can result in a variety of fines and up to 5 years imprisonment for each violation.

Violation of the GLBA may result in a civil action brought by the United States Attorney General. A 2003 amendment to the act specified, (1) "the financial institution shall be subject to a civil penalty of not more than $100,000 for each such violation," and (2) "the officers and directors of the financial institution shall be subject to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation."

How do companies comply with GLBA?
While most financial services firms are informing their customers of the company's privacy policy, fewer have the strong data protection measures in place to secure the personal information.
The Safeguards Rule requires companies to develop a written information security plan that describes their program to protect customer information. The FTC explicitly notes that part of the plan should include "encrypting sensitive customer information when it is transmitted electronically via public networks."

To meet the spirit and letter of the law, companies must:
  • Ensure confidentiality (encryption during flight and in storage)
  • Prevent unauthorized access (authentication and access controls)
  • Protect customer data against anticipated hazards or threats to security
  • Protect customer data integrity (provide data integrity schemes)
