Three integral pieces of the 1999 Gramm-Leach-Bliley Act (GLBA) focus on the information security review of consumers’ personal financial information. Together, the Financial Privacy Rule, the Safeguards Rule and the Pretexting Provisions determine how financial institutions can collect this information and how they must ensure the security and confidentiality of it.
What is GLBA Compliance?
To meet GLBA regulations for customer information security review requests, all financial institutions must:
- Provide notice to customers about privacy requirements regarding their personal financial information (Financial Privacy)
- Establish, implement and maintain a customer Information Security Program that secures and protects consumers’ personal financial information from anticipated threats and/or unauthorized access (Safeguards)
- Ensure that consumers’ personal financial information is not being collected under false pretenses (Pretexting)
These rules extend to more than just banks, credit unions and thrifts. Per GLBA information security regulations, the term financial institution covers many parallel sectors, including tax preparers, credit counselors, debt collectors, automobile dealers and much more. In general, if a business collects and shares personal information about consumers to whom they extend or arrange credit, they have an obligation to GLBA.
Meet Gramm-Leach-Bliley Compliance with CSI Information Security
CSI Regulatory Compliance provides a variety of solutions specifically designed to meet the requirements of federal regulations. Trained consultants work with internal IT staff to perform GLBA information security risk assessments while not disrupting normal business activities.
- Information Security Review
Examines your policies, procedures, security and technology across the entire institution.
- Information Security Training
Provides your employees a better awareness of the current dangers faced by your institution and an understanding of the role they play in protecting it.
- Social Engineering Training
Gives your employees the ability to recognize and thwart social engineering before it endangers your institution.
- Social Engineering Testing
Explains the sinister intentions and techniques of attackers by performing actual simulations of malicious social engineering.
- External Penetration Testing
Uses proven methodology that mirrors assault methods of unethical attackers to detect and reinforce network vulnerabilities.
Scans your entire network for vulnerability, performing patch management and port scanning.
Contact CSI today to learn more about GLBA risk assessment solutions.