Gramm Leach Bliley Act (GLBA)

Originally signed on November 12, 1999, the GLBA mandated financial institutions to develop standards relating to administrative, technical and physical controls to protect their respective clients' non-public personal information from being disclosed to third parties.

In January 2003 member agencies of the Federal Financial Institutions Examination Council (FFIEC) issued new examination guidance that expands on the GLBA data protection rule. The new guidance requires banks to take specific action to protect all information assets, not just customer information.

In essence, this law requires each and every financial institution to create and implement a comprehensive and ongoing information security program and maintain the program current. Non-compliance of GLBA can result in a variety of fines and up to 5 years of imprisonment for each violation.

Enterprise Risk Management can help alleviate the insurmountable pressure that GLBA can place on an institution. Allow our professionals to help you develop a comprehensive security program including:

• Security function definition
• Security committee definition
• Policies, standards, procedures and guidelines development
• Risk assessment performance
• Information ownership definition
• Information classification
• Security regulation considerations
• Logical, physical and administrative security considerations
• Contingency planning considerations
• Incident response program definition
• Security metrics program definition
• Human resource considerations
• Legal considerations
• Help desk / User support considerations
• System life cycle management considerations
• Security awareness program definition
• Partnerships with external provider considerations
• Periodic security review definition

Let Enterprise Risk Management help you navigate the myriad of requirements related to the GLBA Act.

Other Resources - http://www.ftc.gov/privacy/privacyinitiatives/glbact.html