gbrain: sync converted org-mode brain files

ideas/compliance/glba.org

@@ -0,0 +1,23 @@
+:PROPERTIES:
+:ID:       auto-glba
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: 
+#+filetags: :passepartout:compliance:framework:glba:
+
+
+US federal law governing financial institutions' handling of nonpublic personal
+information (NPI). Requires privacy notices, opt-out rights, and a Safeguards
+Rule requiring an information security program.
+
+Who must comply: Banks, credit unions, insurance companies, securities firms,
+financial advisers. ~20,000 institutions.
+
+Penalties: FTC-enforced. Civil penalties up to $100K per violation; officers
+and directors personally liable.
+
+Why it matters: The Safeguards Rule maps directly to gate stack access controls.
+Every NPI access is gated; the proof log is the security program's evidence.
+First-mover advantage is narrow (GLBA is well-understood) but the market is
+large because every financial institution that dodges HIPAA still faces GLBA.
+