25 lines
1007 B
Org Mode
25 lines
1007 B
Org Mode
:PROPERTIES:
|
|
:ID: 4a2bc62b-3f21-4212-9cd9-f9add8fc0be1
|
|
:ID: auto-glba
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: GLBA (Gramm-Leach-Bliley Act)
|
|
#+filetags: :passepartout:compliance:framework:glba:
|
|
|
|
|
|
US federal law governing financial institutions' handling of nonpublic personal
|
|
information (NPI). Requires privacy notices, opt-out rights, and a Safeguards
|
|
Rule requiring an information security program.
|
|
|
|
Who must comply: Banks, credit unions, insurance companies, securities firms,
|
|
financial advisers. ~20,000 institutions.
|
|
|
|
Penalties: FTC-enforced. Civil penalties up to $100K per violation; officers
|
|
and directors personally liable.
|
|
|
|
Why it matters: The Safeguards Rule maps directly to gate stack access controls.
|
|
Every NPI access is gated; the proof log is the security program's evidence.
|
|
First-mover advantage is narrow (GLBA is well-understood) but the market is
|
|
large because every financial institution that dodges [[id:84fb5f8f-0527-4df0-b6b6-dbf3bcff8a7f][HIPAA]] still faces GLBA.
|
|
|