Three integral pieces of the 1999 Gramm-Leach-Bliley Act (GLBA) focus on the information security review of consumers’ personal financial information. Together, the Financial Privacy Rule, the Safeguards Rule and the Pretexting Provisions determine how financial institutions can collect this information and how they must ensure the security and confidentiality of it.
How to Meet GLBA Requirements
To meet GLBA requirements for customer information security review requests, all financial institutions must:
- Provide notice to customers about privacy requirements regarding their personal financial information (Financial Privacy)
- Establish, implement and maintain a customer Information Security Program that secures and protects consumers’ personal financial information from anticipated threats and/or unauthorized access (Safeguards)
- Ensure that consumers’ personal financial information is not being collected under false pretenses (Pretexting)
These rules extend to more than just banks, credit unions and thrifts. Per GLBA information security regulations, the term financial institution covers many parallel sectors, including tax preparers, credit counselors, debt collectors, automobile dealers and much more. In general, if a business collects and shares personal information about consumers to whom they extend or arrange credit, they have an obligation to GLBA.
Meet GLBA Regulations with CSI Information Security
CSI Regulatory Compliance provides a variety of solutions specifically designed to meet GLBA requirements of compliance. Trained consultants work with internal IT staff to perform GLBA information security risk assessments while not disrupting normal business activities.
- Information Security: Protects sensitive information for your customers, members and institution, and lowers your risk against the rising threat of cyber attacks
- Penetration Testing: Keeps your security infrastructure updated by using proven methodology that mirrors assault methods of unethical attackers to detect and reinforce network vulnerabilities
- Vulnerability Assessment: Scans your entire network for vulnerability, performing patch management and port scanning