:PROPERTIES:
:ID:       auto-glba
:CREATED:  [2026-05-23 Sat]
:END:
#+title: 
#+filetags: :passepartout:compliance:framework:glba:


US federal law governing financial institutions' handling of nonpublic personal
information (NPI). Requires privacy notices, opt-out rights, and a Safeguards
Rule requiring an information security program.

Who must comply: Banks, credit unions, insurance companies, securities firms,
financial advisers. ~20,000 institutions.

Penalties: FTC-enforced. Civil penalties up to $100K per violation; officers
and directors personally liable.

Why it matters: The Safeguards Rule maps directly to gate stack access controls.
Every NPI access is gated; the proof log is the security program's evidence.
First-mover advantage is narrow (GLBA is well-understood) but the market is
large because every financial institution that dodges HIPAA still faces GLBA.