GLBA
Gramm-Leach Bliley Act - GLBA
The Financial Services Modernization Act of 1999, more commonly known for its authors, Gramm-Leach-Bliley, includes provisions to protect consumers' personal financial information held by financial institutions. The flexibility introduced to the financial services industry via GLBA in 1999 came at a price, the regulation mandates a "Safeguards Rule" that requires every financial institution, regardless of its lines of business, to implement a risk-based information security program aimed primarily at protecting the client and customer data.
Specific guidance on implementing the Safeguards Rule under section 501(b) is provided by the Federal Financial Institutions Examination Council (FFIEC), which publishes a comprehensive Information Security (IS) Handbook to help financial services organizations comply with a broad range of mandates, including GLBA and many others. The FFIEC IS Handbook provides the blueprint of best practices that address initiating, implementing, maintaining and enhancing the necessary security objectives and controls within financial services organizations, to meet the Safeguards Rule of GLBA.
The three main objectives of GLBA 501(b) are to:
Ensure the security and confidentiality of customer records and information
Protect against any anticipated threats or hazards to the security or integrity of such records
Protect against unauthorized access or use of such records or information which could result in substantial harm or inconvenience to any customer.