Gramm-Leach Bliley Act of 1999 (GLB) is also known as the Financial Services Modernization Act. It requires US financial institutions to share their data information sharing policies to consumers and the public, in order to safeguard sensitive data. The main focus of this act is the protection of consumer financial records and other personal information.

Specifically, Section 501(b) of the GLB requires financial institutions to protect the security, confidentiality and integrity of non-public customer information through “administrative, technical and physical safeguards”. It also requires each financial institution to implement a comprehensive written information security program that includes administrative, technical and physical safeguards appropriate to the size, complexity and scope of activities of the institution. This includes:

  • Insuring the security and confidentiality of customer records and information;
  • Protecting against any anticipated threats or hazards to the security or integrity of such records
  • Protecting against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

For organizations affected by the standard, these requirements, combined referenced requirements under the Federal Deposit Insurance Act – section 36, result in the need to:

  • Safeguard and monitor customer records and information
  • Create and maintain effective risk assessments
  • Identify, implement and audit specific internal security controls that protect this data