GLBA Compliance Overview
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a US federal law that requires financial institutions to explain how they share and protect their customers' private information, termed non-public personal information (NPI). NPI includes Social Security numbers, credit and income histories, credit and bank card account numbers, phone numbers, addresses, names, and any other personal customer information a financial institution receives that is not publicly available.
To be GLBA compliant, a financial institution must tell customers how it shares their NPI and inform them of their right to opt out of having that data shared with non-affiliated third parties (the Privacy Rule). It must also protect that data under a written information security plan of its own (the Safeguards Rule), including tracking user activity and any attempts to access protected records. The plan must be tailored to the institution's size, operations and complexity, and to the sensitivity of the customer information it holds.
The GLBA is enforced by the Federal Trade Commission (FTC), the federal banking agencies and other federal regulators, as well as state insurance oversight agencies. Maintaining GLBA compliance is critical for any financial institution: violations can bring regulatory enforcement action, financial penalties and reputational harm that threaten continued operations.
The Covata Solution for GLBA Compliance
Financial institutions have policies mandating specific safeguards for NPI. Most organisations are mature in applying those safeguards to structured data (e.g. databases), but unstructured data (e.g. files on shared drives) is often left unprotected, even though NPI routinely leaves structured systems as exported spreadsheets, scanned documents and attachments. This gap in the protection of NPI can result in non-compliance with GLBA. To close it, financial institutions first need to know where NPI is stored in their unstructured data, so they can apply the controls their written security plans require to that information.
The Covata solution for GLBA compliance allows financial institutions to quickly and easily locate non-public personal information, encrypt that information, centrally manage permissions to protect against unauthorised access, and log all permitted and denied access requests.
Features and Advantages
- Locate customers' non-public personal information in shared drives and web portals, in both data centres and clouds, to ensure the correct protection is applied to it
- Encrypt customers' personal and financial data wherever it is stored, applying protection in accordance with the financial institution's written information security plan
- Allow IT administrators to manage customers' private and financial data without being able to view it, so that storage and backup administration does not require the ability to decrypt the content
- Granular auditing and monitoring of all permitted and denied requests to access protected customer records
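The first step in the list, locating NPI in unstructured files, is the one most institutions have no tooling for. The following is an added example, not Covata's code, of a minimal discovery scanner: it flags US Social Security numbers and payment-card numbers in free text, validates card candidates with the Luhn checksum to reduce false positives, and records only a masked form of each value so the findings themselves do not become a second copy of the NPI. The file paths and document contents are constructed sample input; the `Finding` type and function names are this example's own.

```python
"""
Added example (not Covata's code): locate candidate non-public personal
information (NPI) in unstructured text such as files on a shared drive.
Flags US Social Security numbers and payment-card numbers; card candidates
are validated with the Luhn checksum. Sample documents are constructed.
"""
import re
from dataclasses import dataclass

# SSN: 3-2-4 digits with optional '-' or ' ' separators. Area 000, 666 and
# 900-999, group 00 and serial 0000 are never issued, so they are excluded.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)(\d{3})[- ]?(?!00)(\d{2})[- ]?(?!0000)(\d{4})(?!\d)"
)
# Payment card: 13-19 digits, optionally separated by single spaces/hyphens.
CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")


@dataclass(frozen=True)
class Finding:
    kind: str     # "ssn" or "card"
    source: str   # file path or record name the value was found in
    offset: int   # character offset of the match within the text
    masked: str   # redacted value that is safe to write to an audit log


def luhn_ok(digits: str) -> bool:
    """Luhn checksum as used by payment-card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str, keep: int = 4) -> str:
    """Keep only the trailing digits so findings can be logged safely."""
    return "*" * (len(digits) - keep) + digits[-keep:]


def scan_text(source: str, text: str) -> list[Finding]:
    """Return all NPI findings in one document."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(Finding("ssn", source, m.start(), mask("".join(m.groups()))))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        # Luhn rejects most order numbers, timestamps and other long digit runs.
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding("card", source, m.start(), mask(digits)))
    return findings


def scan_documents(docs: dict[str, str]) -> dict[str, list[Finding]]:
    """Map each document path to its findings, omitting clean documents."""
    return {path: f for path, text in docs.items() if (f := scan_text(path, text))}


# Constructed sample documents. 078-05-1120 is a historical non-working SSN
# and 4111 1111 1111 1111 is a standard test card number; neither is real NPI.
SAMPLE_DOCS = {
    "share/loans/app-1042.txt":
        "Applicant SSN 078-05-1120, card on file 4111 1111 1111 1111, phone 555-123-4567.",
    "share/marketing/q3.txt":
        "Campaign ran 2019-09-30; order ref 4111111111111112 is not a valid card.",
}

if __name__ == "__main__":
    for path, findings in scan_documents(SAMPLE_DOCS).items():
        for f in findings:
            print(f"{path}: {f.kind} at offset {f.offset} ({f.masked})")
```

Run against a real share, the scanner would walk the file tree and feed each file's text through `scan_text`; the findings, carrying only masked values, give the inventory of NPI locations the written security plan needs before encryption and permissions can be applied. The phone number and the date in the sample are deliberately there to show that the patterns do not fire on them, and the Luhn-invalid order reference shows why the checksum is worth the extra lines.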