What are the 3 sections of the GLBA?

The Three Sections of the Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) is a United States federal law that regulates how financial institutions handle individuals' private information. The Act consists of three sections:

Financial Privacy Rule

The Financial Privacy Rule regulates the collection and disclosure of private financial information. It requires financial institutions to provide clear and conspicuous notice of their privacy policies to customers and allows customers to opt out of sharing their information with unaffiliated third-party entities. (FTC, 2023)

Safeguards Rule

The Safeguards Rule focuses on information security and requires financial institutions to implement administrative, physical, and technical safeguards to protect customer information from cyber attacks and other cybersecurity risks. It also mandates the designation of a person responsible for the information security plan. (FTC, 2023)

Pretexting Provisions

These provisions prohibit the practice of pretexting, which involves accessing private information using false pretenses. While GLBA does not have specific requirements regarding pretexting, organizations are encouraged to include training to prevent pretexting scenarios in their information security policies. (Liu, 2023)

FAQs

What is the Financial Privacy Rule?

The Financial Privacy Rule regulates the collection and disclosure of private financial information. It requires financial institutions to provide clear and conspicuous notice of their privacy policies to customers and allows customers to opt out of sharing their information with unaffiliated third-party entities.

What is the Safeguards Rule?

The Safeguards Rule focuses on information security and requires financial institutions to implement administrative, physical, and technical safeguards to protect customer information from cyber attacks and other cybersecurity risks. It also mandates the designation of a person responsible for the information security plan.

What are the Pretexting Provisions?

The Pretexting Provisions prohibit the practice of pretexting, which involves accessing private information using false pretenses. While GLBA does not have specific requirements regarding pretexting, organizations are encouraged to include training to prevent pretexting scenarios in their information security policies.

Who is subject to the GLBA?

The GLBA applies to financial institutions, brokers, dealers, and people providing insurance services, including investment companies and investment advisors.

What are the penalties for violating the GLBA?

Penalties for violating the GLBA can include fines, imprisonment, or both.

How can financial institutions comply with the GLBA?

Financial institutions can comply with the GLBA by implementing policies and procedures to protect customer information, providing clear and conspicuous notice of their privacy policies to customers, and training employees on how to prevent pretexting.

What are some examples of pretexting?

Examples of pretexting include calling a customer service representative and pretending to be the account holder in order to obtain account information, or sending a phishing email that appears to be from a legitimate source in order to trick the recipient into providing their login credentials.

How can I report a violation of the GLBA?

You can report a violation of the GLBA to the Federal Trade Commission (FTC) or to your state’s attorney general.