The Gramm-Leach-Bliley Act, under Title V, establishes standards for the administrative, technical and physical safeguards that financial institutions must apply to customer information.
The term “financial institution” as used by the FTC goes well beyond the obvious cases such as a bank, credit union or securities broker. It also covers any organization that is significantly engaged in financial activities: CPA firms that prepare income tax returns, investment advisors and investment companies, real estate appraisers, automotive dealers that lease or finance vehicles, debt collection companies, and so on.
The Gramm-Leach-Bliley Act, signed into law on Nov. 12, 1999, requires financial institutions to assess risk, manage and control that risk, oversee their service providers, and adjust their security programs as risks change. One specific provision of the implementing safeguards standards requires the business to “Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems.”
GLBA (S.30.IS and S.450.IS) allows closer ties among banks, securities firms and insurance companies, with the restriction that financial institutions and their partners must protect nonpublic personal information while it is stored and must implement a range of access and security controls. Specifically, section 6801(b) requires financial institutions:
For CIOs and CSOs, the security of information systems is a major provision of GLBA and demands ongoing vigilance to avoid penalties for non-compliance. Performing regular network assessments, carrying out network penetration testing, and conducting full security reviews will help organizations stay on guard.