Understanding the data protection requirements of the Gramm-Leach-Bliley Act

Understanding the data protection requirements of the Gramm-Leach-Bliley Act

Personal data is privileged information, meaning it is information that ought to be reserved for those who own it and those who need it in service of the people who own it.

US legislators have enacted laws to protect citizens' personal data. It's crucial to uphold these laws, especially at a time when calls for data privacy and protection are stronger than ever. One such legal protection is the Gramm-Leach-Bliley Act of 1999.

What is the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Act of 1999 (GLBA), also called the Financial Services Modernization Act of 1999, is an act that compels financial institutions to communicate to their customers how their personal information such as name, address, contact details, bank and credit card numbers, and the like are shared. The act, which repealed part of the Glass-Steagall Act of 1933, also required financial institutions to inform customers of their right to opt out of a service if they don't want their personal information shared. Lastly, GLBA also applies specific protections to the customers’ private data based on the financial institution’s written information security plan.

The main data protection feature of GLBA under the Safeguards Rule essentially states that financial institutions are required to protect the consumer information they collect.

Benefits of GLBA compliance

Compliance with GLBA helps assure customers that the company is to be trusted, and that their personal information is always protected. It also reflects the company’s promise of transparency and accountability to their customers.

Essentially, GLBA compliance helps reduce the risk of penalty and reputational damage caused by unauthorized sharing of customer data or data loss.

GLBA compliance in 2019

When GLBA was signed into law in 1999, the tech and information landscape wasn’t quite anything like how we know it to be today. The cloud was invented in 1983 but it only achieved significant ubiquity in the mid- to late-2000s. Cloud computing in its current context was only coined in 2006 according to MIT Technology Review; as such, protocols for handling, storing, and managing information needed to remain aligned with GLBA mandates, even as it evolved and developed through the years.

IT providers can assist in a company’s compliance efforts by helping conduct a risk assessment, assign effective controls to mitigate risk, install safeguards to mitigate the risk of internal threats, and ensure all communications maintain data integrity. Reputable IT providers — such as Arnet Technologies — understand the requirements of GLBA, and can make sure that their services are well within the parameters of GLBA compliance.

GLBA penalties

If proven, GLBA non-compliance incurs the following penalties:

  • Financial institutions found in violation face fines of $100,000 for each violation;
  • Individuals in charge found in violation face fines of $10,000 for each violation, and;
  • Individuals found in violation may be imprisoned for up to five years.

Non-compliance also tends to ruin business reputation; customers will tend to shy away from businesses that have a bad history with data protection and regulatory compliance because they do not want to carry on more risk than they should.

Still worried about GLBA compliance? We’ll take you through the ropes. Contact us today to schedule your consultation!


We just released another FREE eBook: 3 Types of Cyber Security Solutions Your Business Must Have!DOWNLOAD HERE
+ +