What you need to know about GLBA

In 1999, Congress enacted the Gramm-Leach-Bliley Act ("GLBA") to provide a framework for regulating the privacy and data security practices of financial institutions. Many people think of banks and credit unions when they see "financial institution", but the applicability of GLBA is much broader. Specific examples of financial institutions that fall under GLBA include:

  • A retailer that extends credit
  • An automobile dealership that leases automobiles
  • A personal property or real estate appraiser
  • A career counselor
  • A business that prints and sells checks for consumers
  • A business that regularly wires money to and from consumers
  • A check cashing business
  • An accountant or other tax preparation service
  • A business that operates a travel agency in connection with financial services
  • An entity that provides real estate settlement services
  • A mortgage broker
  • An investment advisory company or a credit counseling service
  • A company acting as a finder in bringing together one or more buyers and sellers

Part of GLBA, the FTC Safeguards Rule, received a major update in 2021 that imposed broader and much more specific requirements for protecting customer information, followed by an additional update in 2024 that added reporting requirements for cyber security incidents and other forms of data breaches.

Some of the new cyber security requirements include multi-factor authentication, file and/or disk encryption, anti-virus/anti-malware software, patching systems and applications, and strong passwords. While a handful of the new requirements do not apply to small financial institutions (fewer than 5,000 consumers), the Rule points out that they will still need to conduct risk assessments, design and implement a written information security program with the required elements, utilize qualified information security personnel and train employees, monitor the activity of authorized users, oversee service providers, and evaluate and adjust their information security program. These are core obligations under the Rule that any financial institution collecting customer information must meet, regardless of size.

What does this mean for your organization? If your operations fall under any of the examples above, GLBA needs to be part of your organization's risk management program.

Need help? That's what we do! Contact us.

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
email: sales at theneteffect dot com

Copyright 1996-2025 The Net Effect, L.L.C. All rights reserved.