Ensure GLBA compliance with RecordPoint

The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law passed in 1999 that governs how financial institutions have to protect consumer financial data.

RecordPoint empowers financial services companies to comply with the data privacy provisions of GLBA and other important laws.

About the Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act, was passed on November 12, 1999. It implemented several new rules related to the protection of consumer financial information for financial services companies like banks, credit unions, and insurance companies.

The GLBA rules:

  • The Financial Privacy Rule – This rule governs the collection and disclosure of private financial information. It also provides for the dissemination of privacy notices that clearly communicate how the institution uses the data it collects.
  • The Safeguards Rule – This rule requires financial institutions to implement security programs designed to protect private customer information. It states that financial institutions have to deploy administrative, technical, and physical safeguards to protect personal data from internal and external threats, and these protections need to be documented in an information security program.
  • The Pretexting Rule – This rule prohibits accessing private financial information under false pretenses. In practice, this is called "pretexting," and is especially crucial to understand with the rise in phishing attacks. Financial institutions follow this rule by training their employees to spot phishing attempts.

The GLBA is named for Senator Phil Gramm (R, Texas), Congressman Jim Leach (R, Iowa), and Congressman Thomas J. Bliley, Jr. (R, Virginia) – the three legislators most directly associated with the bill. GLBA did several things beyond implementing new rules related to protecting consumer financial information.

GLBA repealed large portions of the Glass-Steagall Banking Act of 1933 and the Bank Holding Company Act of 1956, allowing banks, brokerages, and insurance companies to merge. Part of getting the act passed meant adding the three new rules around protecting consumer financial information.

Beyond enabling organizations that previously had to remain separate to merge, the purpose of the GLBA is to ensure that banks and other financial institutions protect consumer information with effective security programs. Regulatory updates have shifted GLBA standards in recent years: the Privacy Rule previously required notification of data breaches for incidents involving 1,000 customers; that threshold has since been lowered to incidents involving 500 customers.

How can businesses comply with the GLBA?

There are specific steps that financial services companies need to take to comply with GLBA, which include:

How RecordPoint can help

RecordPoint can help U.S. companies facilitate their GLBA compliance with several key features, including:

Data minimization

Proactively dispose of data you don’t need with custom retention policies that make minimization effortless.

AI classification

Use AI to classify data instantly, so you know exactly where sensitive data lives and how to protect it.

Compliance task automation

Automate compliance tasks with AI and machine learning models trained on your data.

Data discovery

Discover where all your data lives to get a comprehensive picture of your data estate, so you can better understand and protect it.

Penalties for noncompliance

The penalties for noncompliance can be significant: companies can be fined $100,000 for each violation, and individuals can be charged and imprisoned for up to five years. That’s why leaders and key decision-makers must prioritize GLBA compliance.

Frequently asked questions

  • What agency manages compliance with GLBA?
  • What kind of data is covered under the GLBA?
  • What businesses are covered under the GLBA?