24 lines
934 B
Org Mode
24 lines
934 B
Org Mode
:PROPERTIES:
|
|
:ID: auto-glba
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: GLBA (Gramm-Leach-Bliley Act)
|
|
#+filetags: :passepartout:compliance:framework:glba:
|
|
|
|
|
|
US federal law governing financial institutions' handling of nonpublic personal
|
|
information (NPI). Requires privacy notices, opt-out rights, and a Safeguards
|
|
Rule requiring an information security program.
|
|
|
|
Who must comply: Banks, credit unions, insurance companies, securities firms,
|
|
financial advisers. ~20,000 institutions.
|
|
|
|
Penalties: FTC-enforced. Civil penalties up to $100K per violation; officers
|
|
and directors personally liable.
|
|
|
|
Why it matters: The Safeguards Rule maps directly to gate stack access controls.
|
|
Every NPI access is gated; the proof log is the security program's evidence.
|
|
First-mover advantage is narrow (GLBA is well-understood) but the market is
|
|
large because every financial institution that dodges [[file:hipaa.org][HIPAA]] still faces GLBA.
|
|
|