// THREAT DETECTION AND DATA PRIVACY TERM
GLBA
The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law requiring financial institutions to explain their information-sharing practices to customers and to protect sensitive data. It ensures that companies like banks, investment firms, and insurance companies secure consumers' private financial information.
TECHNICAL DEFINITION
The Gramm-Leach-Bliley Act (GLBA), or the Financial Services Modernization Act of 1999, is a United States federal law that mandates that financial institutions protect the confidentiality and security of nonpublic personal information (NPI). Compliance requires implementing the Financial Privacy Rule, which governs data sharing, and the Safeguards Rule, which requires a formal information security program to protect consumer data from unauthorized access and cyber threats.
BACKGROUND
In the context of information security, social engineering is the use of psychological pressure to influence people to perform actions or divulge confidential information. It has also been more broadly defined as "any act that influences a person to take an action that may or may not be in their best interests." A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in the sense that it is often one of many steps in a more complex fraud scheme. Phishing is a type of social engineering. Researchers have developed detection techniques and cybersecurity educational programs.
SYNONYMS & ALIASES
- Gramm-Leach-Bliley Act
- Financial Services Modernization Act of 1999
- Financial Privacy Rule
- Safeguards Rule
- NPI protection law
- Title V
USAGE NOTE
Organizations must adhere to GLBA's Safeguards Rule by implementing a comprehensive written information security plan to protect customer data.
DEVELOPERS
Organizations developing technology related to GLBA.
Provides a privacy, security, and governance platform that helps financial institutions automate GLBA compliance. Their technology assists with data discovery, privacy impact assessments, and managing consumer privacy rights under the GLBA Privacy Rule.
Develops the Symantec Data Loss Prevention (DLP) solution, which helps financial institutions identify, monitor, and protect nonpublic personal information (NPI) across endpoints, networks, and storage to comply with GLBA's Safeguards Rule.
Offers the Microsoft Purview suite, which provides data governance, information protection, and compliance management tools. These help financial organizations classify sensitive data, manage access controls, and implement data loss prevention policies to meet GLBA requirements.
Develops vulnerability management and cyber exposure platforms like Tenable.io. These tools help financial institutions conduct continuous risk assessments of their information systems, a core requirement of the GLBA Safeguards Rule, by identifying and prioritizing vulnerabilities.
Specializes in information protection and cybersecurity solutions that secure email and cloud applications. Their technology prevents data exfiltration and phishing attacks, helping to safeguard the sensitive customer financial information protected under GLBA.
Delivers data-first SASE (Secure Access Service Edge) and data security solutions, including Data Loss Prevention (DLP). Their technology helps financial organizations discover, classify, and protect sensitive customer data wherever it is stored or used, directly supporting GLBA compliance.
Provides a security information and event management (SIEM) and observability platform used by financial institutions to monitor security events, detect threats to sensitive data, and generate compliance reports, aiding adherence to the continuous monitoring aspects of the GLBA Safeguards Rule.
Offers a data security platform that specializes in protecting sensitive data from insider threats and cyberattacks. The platform helps financial institutions meet GLBA requirements by identifying and classifying sensitive financial data, managing permissions, and monitoring data access activity.