 
Gramm-Leach-Bliley Act - Security of personal information by financial institutions.
The Gramm-Leach-Bliley Act, under Title V, establishes standards for the administrative, technical and physical safeguards that financial institutions must apply to customer information.

The term "financial institution" as used by the FTC goes well beyond the obvious examples such as a bank, credit union or securities broker. It also includes any organization that conducts financial activities: CPA firms that provide income tax preparation, any investment advisor or investment company, real estate appraisers, automotive dealers who lease or finance, collection companies - and the list goes on.

For CIOs and CSOs, security of systems is a major provision of GLBA and requires ongoing vigilance to avoid penalties for non-compliance. Bruce Moulton, vice president of Symantec's Information Security Business Strategy, recommends that companies subscribe to an information service, perform frequent network self-assessments, and use network penetration testing.

 
Security Compliance - Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act of 1999 (GLBA) (S.30.IS and S.450.IS) allows closer ties among banks, securities firms and insurance companies, with the restriction that financial institutions and their partners are required to protect nonpublic personal data while in storage and to implement a variety of access and security controls. Specifically, section 6801(b) requires financial institutions:

1) to ensure the security and confidentiality of customer records and information;
2) to protect against any anticipated threats or hazards to the security or integrity of such records;
3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
Who is Affected?
Banks, credit unions, investment companies and other financial institutions and their partners who collect or store "non-public personal data."
What's Covered?
A customer's personal financial information, including the fact that an individual is a customer of a particular financial institution at all, the consumer's name, address, social security number, account number, and any other information a consumer provides on an account application.
Key Dates
July 1, 2001: Mandatory compliance with privacy regulations
Penalties for non-compliance
Failure to comply with GLBA results in regulatory fines for the financial institution. In addition, CEOs and directors can be held personally liable for any misuse of non-public, personally identifiable information.
What can you do?
Improving your network security is always cheaper than reacting to a security breach. Understanding and controlling the threats to customer financial information requires continuous risk management. Key aspects of mitigating these risks are:
Obtain regular independent information security evaluations.
Implement controls that assess information security risks.
Document and review information security processes.
Other GLBA Resources
Official site of the U.S. Federal Trade Commission (FTC)
Specific sections (e.g. 6801) related to privacy and security
U.S. Senate Banking Committee report on GLB

This information is provided as a service based on NCX Group's interpretation of the Gramm-Leach-Bliley Act. NCX Group, Inc. assumes no liability for any errors, omissions or misinterpretations arising from this information. Always consult an attorney for specific legal information.


© 2008 NCX Group, Inc.