Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law passed in 1999 that requires financial institutions to explain their information-sharing practices to customers and to safeguard sensitive data. It is also known as the Financial Services Modernization Act and is central to privacy and security regulations in the banking sector.

About the Gramm-Leach-Bliley Act (GLBA)

What is GLBA compliance?

GLBA compliance refers to an institution’s adherence to the rules and standards set by the law: specifically, ensuring that consumer financial information is collected, stored, and shared in a secure and transparent way. It requires implementing safeguards to protect non-public personal information (NPI) and mandates privacy disclosures that explain what data is shared, with whom, and why.

What is the GLBA Safeguards Rule?

The Safeguards Rule is a core provision of GLBA that requires financial institutions to develop and maintain a written information security program. This program must include administrative, technical, and physical safeguards to ensure the confidentiality and integrity of customer information. Recent updates by the FTC have emphasized the need for multi-factor authentication, encryption, and regular risk assessments as part of compliance.

What is a GLBA audit?

A GLBA audit is a structured review of an institution’s compliance with the act. It typically examines data protection practices, incident response policies, third-party risk management, employee training, and security protocols. These audits are often conducted internally, by independent auditors, or by regulatory examiners. A failed audit can lead to penalties, reputational damage, or regulatory sanctions.
