0a8e77e949
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
1007 B
1007 B
GLBA (Gramm-Leach-Bliley Act)
US federal law governing financial institutions' handling of nonpublic personal information (NPI). Requires privacy notices, opt-out rights, and a Safeguards Rule requiring an information security program.
Who must comply: Banks, credit unions, insurance companies, securities firms, financial advisers. ~20,000 institutions.
Penalties: FTC-enforced. Civil penalties up to $100K per violation; officers and directors personally liable.
Why it matters: The Safeguards Rule maps directly to gate stack access controls. Every NPI access is gated; the proof log is the security program's evidence. First-mover advantage is narrow (GLBA is well-understood) but the market is large because every financial institution that dodges HIPAA still faces GLBA.