Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, requires financial businesses to explain how they share personal information, which in turn helps protect sensitive personal information. Financial institutions are business organizations that offer financial services, for instance insurance, investment advice, and loans, to customers. GLBA comprises three sections:
- The Financial Privacy Rule, which governs the collection and disclosure of personal financial information.
- The Safeguards Rule, under which financial institutions implement security programs aimed at protecting personal financial information.
- The Pretexting provisions, which prohibit accessing personal information under false pretenses.
To comply with the Act, all financial institutions must provide written privacy notices to their potential customers. These notices explain the organization's information-sharing practices to its customers.
What are the key concepts contained in the law / regulation?
The main concepts of GLBA compliance include:
- Financial institutions are required to keep their clients informed about how they share their nonpublic personal information (NPI).
- Financial institutions are required to inform their customers of their right to opt out if they prefer that their information not be disclosed to third parties.
- Financial institutions are required to apply protective measures to customers' personal information as dictated by the written data security plans developed by the organizations (Lord, 2018).
How does it impact an organization and its IT infrastructure?
The GLBA requires an organization's IT infrastructure to secure the confidentiality of customers' financial and personal information. The main focus of the GLBA is expanding and tightening the protection of consumers' private data. Maintaining GLBA compliance is important to financial institutions because violations can be detrimental and costly to day-to-day operations (Lord, 2018). By protecting NPI (nonpublic personal information), financial business organizations avoid penalties, improve their security, and increase client loyalty and trust.
What policy, technical or procedural controls does the law / regulation require?
The following are some of the main technical, procedural, or policy controls that the law requires:
- NPI (nonpublic personal information) must be protected against unauthorized or illegal access.
- Potential customers must receive regular notices explaining how the financial institution shares their private information with third parties, and they must be able to opt out if they prefer that their personal information not be shared.
- User activity must be tracked, including any unauthorized access to protected personal information.
Why are those drivers important to the business?
According to Lord (2018), compliance with the GLBA protects customers and their personal information, which in turn builds and strengthens the reliability of business organizations. Customers of the institution can therefore be assured that their personal information will be kept safe. That security and safety cultivates customer loyalty, which in turn boosts the institution's reputation.
How do those drivers benefit the organization and help it meet its goals?
Financial institutions that comply with the GLBA face a lower risk of incurring the penalties and reputational damage caused by illegal access to, sharing of, and loss of personal information.
References
Lord, N. (2018). What is GLBA compliance? Understanding the data protection requirements of the Gramm-Leach-Bliley Act. Retrieved December 28, 2018, from https://digitalguardian.com/blog/what-glba-compliance-understanding-data-protection-requirements-gramm-leach-bliley-act