Sunday, August 5, 2007

Gramm-Leach-Bliley (GLBA) - Regulations to protect consumers' personal financial data

Gramm-Leach-Bliley (GLBA)

Regulation Summary - The Financial Services Modernization Act of 1999, more commonly known by the names of its authors, Gramm-Leach-Bliley, includes provisions to protect consumers' personal financial information held by financial institutions. As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) issued the Safeguards Rule under section 501(b), requiring financial institutions under FTC jurisdiction to secure customer records and information. The three main objectives of GLBA 501(b) are to:
· Ensure the security and confidentiality of customer records and information
· Protect against any anticipated threats or hazards to the security or integrity of such records
· Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer
 
The security process recommended by the FFIEC comprises five key areas:
· Information security risk assessment
· Information security strategy
· Implement security controls
· Security testing
· Monitoring and updating
 
The Federal Financial Institutions Examination Council (FFIEC) is made up of examiners from many different regulatory bodies tasked with GLBA enforcement. It has created a comprehensive Information Security Handbook with a set of tests (including over 20 rules specifically related to intrusion prevention and detection) to help you assess compliance with the Safeguards Rule.

Jamie's MOTTO.....

Don't follow the path that is already there....go instead where there is no path....and leave a trail....

This trail is a part of a long journey .....