The GLBA is a federal law that mandates financial institutions to provide customers with clear explanations of their information-sharing practices while ensuring the protection of sensitive consumer data. The Act is divided into three primary sections: the Financial Privacy Rule, which governs the collection and disclosure of nonpublic personal information; the Safeguards Rule, which requires institutions to implement comprehensive information security programs; and the Pretexting provisions, which prohibit obtaining private information under false pretenses. From a cybersecurity perspective, the document is highly relevant to Data Privacy, Information Security Governance, and Access Control, as it requires administrative, technical, and physical safeguards to protect against unauthorized access and potential data breaches. Recent amendments have further emphasized Incident Response by introducing mandatory breach notification requirements for the Federal Trade Commission (FTC)
Home / Function (NIST CSF 2.0) / PR - Protect / DS - Data Security
US Gramm-Leach-Bliley Act (GLBA)
This document focuses on:Data Privacy