Gramm-Leach-Bliley Act (GLBA)

2:03 pm Paul Falcone

Covered Entities: Non-Bank Financial Institutions

Governed by the Federal Trade Commission (FTC)

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a United States federal law requiring financial institutions to explain how they share and protect their customers’ private and nonpublic personal information (NPI). Covered entities must develop, implement, and maintain a comprehensive information security program that includes physical safeguards appropriate to the characteristics of the affected organization and to the sensitivity of the NPI at issue.

In 2021, in direct response to widespread and devastating data breaches, the Federal Trade Commission enacted an updated rule under GLBA (the “Safeguards Rule”) that strengthens the data security safeguards financial institutions must implement to protect their customers’ financial information. The Safeguards Rule applies to all non-bank financial institutions, including those only loosely identified as such, such as mortgage companies, pawn brokers, and car dealers.

A key aspect of the Safeguards Rule requires that non-bank financial institutions implement a policy for the secure disposal of customer information no later than two years after the last date the information was used, unless retention is otherwise required for legal, regulatory, or legitimate business purposes.

While the Safeguards Rule under GLBA requires disposal of customer information after two years of non-use, it does not mandate a specific data destruction methodology. Best practice for complying with the 2021 Safeguards Rule is to follow the NIST 800-88 media sanitization guidelines. All of SEM’s high security paper shredders, disintegrators, IT shredders, IT crushers, and degaussers are appropriate for the disposal of GLBA-covered data following NIST 800-88 protocols.
