GLBA applies to companies that provide financial products or services to consumers. This includes banks, mortgage brokers, insurance firms, real estate appraisers, tax preparation businesses, check-cashing businesses, accountants, ATM operators and others.
What Information Do I Have to Protect?
If you are a financial institution as defined by the act, you must safeguard nonpublic personal information (NPI), also known as personally identifiable information (PII). This includes information such as:
- Names, addresses, phone numbers, Social Security numbers
- Bank account numbers, credit card numbers
- Income, credit history, or other information provided on an application
The GLBA limits how you share this information, whom you share it with, and what you must do to protect it.
What are GLBA Compliance Requirements?
As part of GLBA compliance, you are required to meet the following requirements:
The Financial Privacy Rule:
The first item on your GLBA compliance checklist should be the Financial Privacy Rule. The point of this regulation is that you provide appropriate notices of your privacy policies and practices to consumers, who are defined as individuals using your product or service for personal purposes. You'll also need to offer consumers the option to opt in or out of having their NPI disclosed to non-affiliated third parties.
The Safeguards Rule:
This regulation is why GLBA compliance and cybersecurity are often mentioned together. The Safeguards Rule requires applicable financial institutions to implement policies for securing customer information (customers are defined as individuals who maintain an ongoing relationship with your organization). As part of this GLBA compliance requirement, you'll also need to ensure that your affiliates and service providers maintain an NPI protection plan.
The Pretexting Provisions:
Another GLBA standard that involves cybersecurity is the Pretexting Provisions, which encourage financial institutions to develop safeguards against pretexting, also known as social engineering. To comply with this regulation, organizations often develop a written plan for monitoring account activity, and train staff who might otherwise disclose NPI to a fraudulent party.
How Do You Attain GLBA Compliance?
If you're required to comply with this FTC standard, a critical item on your GLBA compliance checklist will be your cybersecurity. Because of the Safeguards Rule and the Pretexting Provisions, you'll need a cybersecurity solution that provides comprehensive monitoring, event logging and log management, as well as an infrastructure that is compliant with GLBA.
At Ducara, we provide a secure, cloud-based solution for GLBA compliance. Our company can generate GLBA-compliant reports with ease, as well as monitor and remediate customer accounts and malicious activity around the clock, ensuring your organization delivers reliable service to your customers and consumers.