What is GLBA Compliance?
|
|
In the world of data security, GLBA compliance refers to the Financial Privacy Rule subsection of the Gramm-Leach-Bliley Financial Modernization Act of 1999.
|
|
|
The act was passed to protect the privacy of information held by financial institutions.
|
|
|
GLBA is one of several important laws enacted in the US which mandate data security measures for information systems. Compliance with GLBA is a legal requirement falling on banks, insurance companies and other financial organizations.
|
|
|
There are three principal parts to the privacy requirements: The Financial Privacy Rule, the Safeguards Rule and pretexting provisions.
|
|
|
The Safeguards Rule, mandates a clear plan or policy to protect the confidentiality and integrity of personal consumer information and requires risk analysis and management.
|
|
|
The pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses (so-termed "pretexting")
|
|
|
Many of these dangers result from a lack of access control and authorizations. Section 6801 explicitly places responsibility on the institution to ensure the security of all customer records and information and to protect against unauthorized access.
|
|
The Dangers of Inadequate Protection
|
|
There has been a rise in recent occurrences of Federal cases in the US against financial organizations who failed to provide reasonable and appropriate security for sensitive consumer information. Poor access control, weak passwords and insufficient monitoring and auditing measures are cited time and time again in legal cases.
|
|
|
The compromising of sensitive customer information has resulted in fraudulent charges to bank accounts and credit cards in the order of millions of dollars. Details of actual cases can be found on the United States Federal Trade Commission website, www.ftc.gov.
|
|
What Measures Can You Take to Ensure GLBA Compliance?
|
|
Bsafe Information Systems produces compliance products for improving data security on a range of different hardware and software platforms. Among them are IBM mainframe, System i, Windows, SQL Server and AIX.
|
|
|
Our products provide protection from outsiders and from unauthorized internal access, monitoring, control, auditing and alerting. To learn more about these compliance products, click on the appropriate item below.
|
|
|
|
|
