GLBA Compliance Checklist

GLBA refers to the Gramm-Leach-Bliley Act (also known as the Financial Services Modernization Act of 1999), which aims to protect the private information of consumers. In this article, we take a closer look at GLBA requirements.

What is GLBA?

GLBA refers to the Gramm-Leach-Bliley Act (also known as the Financial Services Modernization Act of 1999), which aims to protect the private information of consumers. It concerns financial institutions that offer financial services and products such as loans, insurance, and financial and/or investment advice.

The Gramm-Leach-Bliley Act applies to institutions that operate within the borders of the United States of America and consists of three different sections:

The Financial Privacy Rule: This section regulates the collection of private financial information, restricts its disclosure, and requires institutions to notify their customers of their privacy policies.

The Safeguards Rule: This section requires financial institutions to adopt proper security programs that protect personal financial information.

Pretexting Provisions: This section prohibits all kinds of pretexting practices. Pretexting refers to the methods of acquiring private information under false pretenses.

Who must comply with GLBA?

GLBA compliance is required for institutions of all sizes that offer financial services. Companies that are not conventionally considered ‘financial’ institutions, such as mortgage brokers and retailers that issue credit cards, also fall within the scope of GLBA. Below you can find a list of business activities that make your business non-exempt from the GLBA regulations.

  • Brokering loans
  • Servicing loans
  • Offering a service regarding the collection of debts
  • Offering services regarding funds such as lending, transferring, exchanging, or investing
  • Offering services regarding real estate settlement
  • Providing advice on investment, economy or finance
  • Providing counselling services to professionals who work in finance

GLBA Compliance Checklist

In order to make sure that your business complies with GLBA requirements, you must meet the principles below (NPI refers to nonpublic personal information, the category of customer data GLBA protects):

  • Guaranteeing the security and confidentiality of NPI
  • Protecting your organization against unauthorized access that could harm your customers or cause them any inconvenience
  • Protecting your organization against any threats targeting the integrity and/or security of NPI

In this article, we offer you 10 simple steps to make sure that your organization complies with the GLBA regulations.

  1. Get familiar with the regulations and how they affect your organization

In order to make the necessary adjustments, you must first understand the act thoroughly. For this purpose, you can seek help from your legal experts.

  2. Conduct a comprehensive risk assessment

For the second step, you must understand the potential risks to NPI and identify the threats and vulnerabilities that could endanger sensitive information.

  3. Make sure that effective controls are implemented to mitigate the risks

GLBA examiners often ask for proof of your organization’s ability to control all threats and vulnerabilities affecting sensitive information.

  4. Protect your organization from insider threats

Make sure that you don’t have any ill-intentioned employees who could harm and/or endanger your organization.

  5. Ensure that your service providers are GLBA-compliant

If you opt to use a service provider for your NPI needs, you must ensure that the service provider complies with GLBA.

  6. Do the necessary tests to confirm that your organization meets the requirements of the Privacy Rule

You must make sure that your organization meets the related requirements and inform your customers accordingly.

  7. Don’t forget to update your disaster recovery (DR) and business continuity (BCP) plans

Make sure that you have appropriate and up-to-date response plans. You must test all your plans every year and update them when necessary.

  8. Prepare a written information security plan for your organization

In accordance with the Safeguards Rule, your organization must have a written information security plan.

  9. Don’t miss the annual reports to the GLBA Board

Your organization is required to provide annual reports to the GLBA Board.

  10. Review and update your processes regularly

Learn more about Logsign’s SIEM and SOAR solutions in order to improve your cyber security.
