The Gramm-Leach-Bliley Act (GLBA) was enacted to protect consumer financial information from mishandling within the financial-industry companies that process, transfer, and store massive amounts of consumer data. Disregarding the GLBA requirements for securing consumer data can result in a number of serious consequences: catastrophic data loss, loss of reputation among customers, a $100,000 fine for each violation, and even jail time.
To avoid these penalties, financial organizations are urged to maintain strict control over access to financial information, to monitor and log that access, and to perform adequate compliance audits using the Federal Financial Institutions Examination Council (FFIEC) Examination Handbook for Information Security.
About GLBA Compliance
The GLBA was established in 1999 to improve consumer security within the financial industry. Its main function was to remove regulations that prevented the merger of different types of financial institutions such as banks and insurance companies. Opening up competition between companies and modernizing the financial services industry in this way has allowed organizations to pursue growth opportunities that would otherwise not be available.
Section 501(b) of the GLBA, often referred to as FFIEC compliance, focuses on the protection of information. The increased security prioritization allows each financial institution to establish and maintain trust with its customers and protect its reputation.
The GLBA has seen several formal updates since it was enacted in 1999, including the 2011 supplement “Authentication in an Internet Banking Environment.” This supplement in particular addresses the concepts of authentication, layered security, and other strategies for ensuring up-to-date security procedures for consumer financial information.
Tips for Remaining GLBA Compliant
Maintaining GLBA compliance is a priority for any financial organization that wishes to avoid the consequences of a major data breach. However, given the sheer amount of data that financial institutions process and store and the ever-changing nature of their customer base, this can be quite an undertaking. Here’s a look at several important tips that can guide GLBA compliance:
- Focus on core requirements
The GLBA’s core Safeguards Rule requires every organization to meet minimum compliance requirements for safeguarding customer data. This makes an organization’s to-do list very clear: designate an employee to coordinate the safeguards; identify and assess the risks to customer information in each area of the company’s operation; design a written information security plan; select compliant service providers; and evaluate and adjust the program over time.
- Consider the risks associated with social media
Financial organizations should keep in mind the risks associated with social media, including what could happen if an employee’s official social media account were to be accessed or hacked. To support this awareness, the FFIEC released a risk management guide for the use of social media.
- Review the latest technologies at least yearly
The security landscape can change rapidly, with new technologies and threats emerging over the course of a week or a month. At the very least, your designated GLBA compliance officer should review the latest technology and security updates once per year to assess the quality and relevance of the security protocols you have in place.