Gramm Leach Bliley Assessment

Overview
The Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act (GLBA), allowed commercial and investment banks to consolidate. GLBA included rules to govern the collection, disclosure, and protection of consumers’ nonpublic personal information (NPPI) and personally identifiable information (PII).
Key information privacy rules in GLBA include Financial Privacy, Pre-texting, and Safeguards Protection.
The Financial Privacy Rule requires firms to establish a privacy agreement with their customers concerning the protection of the customer's NPPI (e.g., a consumer's name, address, social security number, account number, status as a customer, or credit history).
The Pre-texting Rule pushes institutions to guard against pre-texting or "social engineering" breaches, such as impersonating authorized persons or phishing.
The Safeguards Rule requires financial institutions to create a written information security plan describing how the company protects current and former client NPPI.
Benefits
Financial institutions must put in place a policy to protect consumer information from foreseeable threats to security and data integrity, and scrutinize how they manage private data with risk analysis on their current processes.
Noncompliance can lead to fines of up to $100,000 per violation and imprisonment.
Deliverable
The deliverable from this project is a detailed report showing our findings for each of the GLBA controls, along with a risk-based score. A detailed list of suggested remediation steps is included.
Features
All engineers have CISSP, CISA, and PCI QSA certifications
Web-based collaboration site used for project communication (Tasks, Documents, Milestones, Discussions)
Great References
State-of-the-art lab for payment application testing and forensic analysis


















