The Gramm-Leach-Bliley Act (GLB), formally known as the Financial Modernization Act of 1999, is aimed at financial institutions and is enforced by eight separate federal agencies and the states. Gramm-Leach-Bliley provides for a fairly broad interpretation of the phrase "financial institution" and not only affects banks, insurance companies, and security firms, but also brokers, lenders, tax preparers, and real estate settlement companies, among others. GLB requires financial institutions to take steps to ensure the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and social security numbers.
In addition, the Privacy Rule, found at 16 C.F.R. Part 313 of the Federal Register, addresses concerns relating to consumer financial privacy. Under these regulations, colleges and universities are deemed to be in compliance with the privacy provisions of the GLB Act if they are in compliance with the Family Educational Rights and Privacy Act (FERPA).
Ten important items to know about GLB are listed below.
- Gramm-Leach-Bliley covers a wide range of businesses, but not all businesses are required to comply.
- Compliance is not an IT-only project.
- Companies need to get their security policies in order.
- Potential risks need to be continually identified.
- Both non-public and public information must be protected.
- Businesses must keep tabs on third-party providers.
- Data should be encrypted in storage and in transit.
- Data that is not needed should be destroyed.
- Companies should contact a lawyer or consultant for advice.