GLBA Compliance Security Financial Services

The main focus of the GLBA is to expand and tighten consumer data privacy safeguards and restrictions. For IT professionals and financial institutions, the primary GLBA concern is securing customers' private and financial information and keeping it confidential. Maintaining GLBA compliance is critical for any financial institution, as violations can be both costly and detrimental to continued operations. By taking steps to safeguard nonpublic personal information (NPI) and comply with the GLBA, organizations benefit not only from improved security and the avoidance of penalties, but also from increased customer trust and loyalty.

The Gramm-Leach-Bliley Act (GLBA), instituted in 1999, established measures to hold financial institutions responsible for the privacy of their clients' data.

 

Information Security and GLBA Compliance

The Bureau of Consumer Protection recommends a number of practices to ensure the privacy of customer financial data and maintain GLBA compliance. These include running thorough background checks on all potential employees and giving access to sensitive data only to those who need it, when they need it. All passwords should be complicated and frequently changed, and should not be stored on physical media, digital or otherwise.

Encryption is another important aspect of protecting the security of financial data. When data is encrypted, it can't be read unless someone has the key to decrypt it. Not only does this prevent prying eyes from snooping on your clients' information, but it also protects your business should that same data fall into the wrong hands. According to GLBA compliance protocol, you would have to report the breach to your customers, but you would be able to assure them that their data is still protected by encryption.

Our security and risk consultation services help support your GLBA and FFIEC compliance efforts by performing analyses to determine the appropriate controls to protect information based on your organizational risk.