Lesson 3 of 7

The Gramm-Leach-Bliley Act, formally known as the Financial Modernization Act of 1999, is aimed at financial institutions and is enforced by eight separate federal agencies and the states. Gramm-Leach-Bliley provides for a fairly broad interpretation of the phrase “financial institution” and not only affects banks, insurance companies, and security firms, but also brokers, lenders, tax preparers, and real estate settlement companies, among

10 things you should know about Gramm-Leach-Bliley

Here’s a quick rundown of 10 things you should know about this act:

  • Gramm-Leach-Bliley covers a wide range of business, but not all businesses are required to
  • Compliance is not an IT-only project.
  • You need to get your security policies in order.
  • Potential risks need to be continually identified.
  • Both non-public and public information must be protected.
  • Annual privacy policy information should include more than a Web page.
  • Businesses must keep tabs on third-party providers.
  • Data should be encrypted in storage and in transit.
  • Data you don’t need should be destroyed.
  • Contact a lawyer or consultant.

For more details about these points, download 10 things you should know about the Gramm-Leach-Bliley Act.


How does this act affect your storage systems?

One major component of Gramm-Leach-Bliley requires that safeguards be in place to protect your customers’ private financial information. According to this section of the act, safeguards must be in place in order to:

  • insure the security and confidentiality of customer records and information;
  • protect against any anticipated threats or hazards to the security or integrity of such records; and
  • protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

For the full text, see the Gramm-Leach-Bliley Act.

What should you do to comply?

This overview of Gramm-Leach-Bliley looks at the specific aspects of the act that deal with storage and data security. Author Scott Lowe explains the requirements this way:

“Today’s interpretation of Gramm-Leach-Bliley calls for controls on customer data, the strength of which are proportional to the sensitivity of the information being stored. What this means is that your data security goes well beyond your storage device alone and, in fact, encompasses a company’s policies and procedures as well as the hardware that maintains the storage infrastructure.

“When it comes to policies and procedures, you need to define who can access which data, and under what circumstances. Further, you should log access to sensitive customer information to help provide accountability and provide a deterrent to insiders that threaten customer

To learn more about how to comply with the act, read Are you in compliance with Gramm-Leach-Bliley storage requirements?

For a comprehensive list of Gramm-Leach-Bliley resources, including free downloads, see page two.

Gramm-Leach-Bliley resources

White papers

  • Remote Service and Support After Gramm-Leach-Bliley

    This white paper from Enexity discusses key Gramm-Leach-Bliley requirements as they relate to electronic access to a financial institution’s customer information, and how the SecureLink Virtual Support Network product suite can help a financial institution comply with Gramm-Leach-Bliley guidelines while also realizing the benefits of a robust remote support solution.
  • Conducting an electronic information risk assessment for Gramm-Leach-Bliley Act compliance

    In this white paper from the SANS Institute, Kevin Bong describes a process he developed for conducting an electronic risk assessment in accordance with the Gramm-Leach-Bliley Act, which he used to conduct a risk assessment for Johnson Financial Group.
  • E-mail Content Filtering Strategies for GLBA Compliance

    E-mail management systems must provide tools and techniques that enable companies to comply with the Gramm-Leach-Bliley Act. This white paper from Tumbleweed Communications outlines a strategy that will enable companies to meet their compliance obligations as they relate to the transmission and disclosure of Nonpublic Personal Information through an e-mail system.
  • The Gramm-Leach-Bliley Act versus Best Practices in Network Security

    In this white paper from the SANS Institute, the author focuses on Title V, section 501 of Gramm-Leach-Bliley, which mandates that financial institutions implement “administrative, technical, and physical safeguards” for customer records and information.


Course list

  • Lesson 1: Sarbanes-Oxley
  • Lesson 2: HIPAA
  • Lesson 3: Gramm-Leach-Bliley
  • Lesson 4: FERPA
  • Lesson 5: U.S. Patriot Act
  • Lesson 6: European legislation
  • Lesson 7: What’s next?
