GLBA Compliance – Information Protection for Financial Services

Standards for safeguarding customer information, issued by several government regulatory agencies in response to Section 501 of the Gramm-Leach-Bliley Act (GLBA), require financial institutions to implement an information security program that considers specific technical safeguards for securing their customers’ nonpublic personal information (NPI). As enforcement of the interagency guidelines for protecting customer information becomes increasingly strict, financial institutions lacking the appropriate level of controls will face audit findings from agencies exerting substantial pressure to comply.

Complying with the interagency guidelines for NPI protection can be greatly facilitated by implementing a security solution that focuses on protecting the data itself. An enterprise-class system with centralized management and local enforcement of the policies controlling access to NPI can provide consistent enforcement of those policies throughout the IT environment, facilitating both compliance and auditor verification that NPI protection policies are enforced.

Enforcing Policies for NPI Protection in Compliance with GLBA

Along with opening up the financial services industry by removing the restrictions that prevented banks, brokerages and insurance companies from affiliating, the Gramm-Leach-Bliley Act (GLBA) mandates controls over the use, protection and distribution of customers’ nonpublic personal information. Section 501 specifically requires the protection of nonpublic personal information, and Section 505(a) lists the agencies and authorities tasked with establishing and enforcing the standards outlined in Section 501(b). Those standards require administrative, technical and physical safeguards to:

  1. Ensure the security and confidentiality of customer records and information;
  2. Protect against any anticipated threats or hazards to the security or integrity of such records; and
  3. Protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer.1

1 Senate Banking Committee, “Conference Report and Text of Gramm-Leach-Bliley Bill,” 4/21/04.

Guidelines. These documents clearly describe the methods and technologies that regulators expect institutions to consider, and to evaluate for appropriateness, in meeting the outlined risk control guidelines. In effect since July 1, 2004, these GLBA guidelines for technical safeguards under Section 501 are being enforced with increasing rigor, requiring institutions to implement security controls that address the dynamic and escalating risk environment surrounding their customers’ personal information.

Amit Nayak
