What is GLBA?

Examples of nonpublic personal information (NPI) include:

- An individual's income, Social Security number, marital status, amount of savings or investments, payment history, loan or deposit balance, credit or debit card purchases, account numbers or consumer reports
- The fact that the individual has an account with a particular financial institution
- Any list, description or grouping of customers that is derived using a combination of NPI and publicly available information
- Any information the financial institution has obtained over the course of the customer relationship or collected through cookies

What are the Benefits of GLBA Compliance?

These privacy and security requirements, alongside the FTC's Privacy of Consumer Financial Information Rule (the Privacy Rule), provide consumer protection benefits such as:

- Private or sensitive information being secured against unauthorized access
- Customers being notified of private information sharing between financial institutions and third parties, and having the ability to opt out if desired
- User and employee activity being tracked, including any attempts to access sensitive information or protected records

These benefits improve the reputation of your organization and increase customer trust, leading to greater customer loyalty, lower churn, higher lifetime value and fewer regulatory fines.

There are three major components of the GLBA, designed to work together to govern the collection, disclosure and protection of customers' nonpublic personal information (NPI):

- The Financial Privacy Rule: Restricts the sharing of NPI about an individual and requires financial institutions to provide each customer with a privacy notice at the start of the customer relationship and annually thereafter.
- The Safeguards Rule: Requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue, protecting customers' and former customers' NPI.
- Pretexting Protection: Pretexting, or social engineering, occurs when someone tries to gain access to NPI without the authority to do so. This may entail requesting private information by impersonating the account holder by phone, by mail, or through phishing or spear phishing.

GLBA encourages organizations to implement safeguards against pretexting, such as training staff to verify the identity of anyone requesting customer information. Separately, the Safeguards Rule requires financial institutions to oversee their service providers by:

- Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for customer information
- Contractually requiring service providers to implement and maintain those safeguards

Avoid vendors without SOC 2 assurance, and consider investing in a cybersecurity tool that can automate vendor risk management by continuously monitoring your vendors' security performance and assigning them a security rating.

Reviewed by Kaushik Sen, Chief Marketing Officer.

Financial institutions covered by the Gramm-Leach-Bliley Act, that is, companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance, must explain their information-sharing practices to their customers, tell customers about their right to "opt out" if they don't want their information shared with certain third parties, and safeguard sensitive data. Is your company following the requirements of the Privacy Rule?