Gramm-Leach-Bliley Act (GLBA): Safeguards and Regulatory Framework


Added on  2022/09/27

Report
AI Summary
This report provides a detailed analysis of the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999. It explains the law's purpose, which is to regulate how financial institutions share and protect customers' private information. The report outlines the key components of GLBA, including the Privacy Rule, the Safeguards Rule, and the provisions against pretexting. It identifies organizations subject to GLBA, such as banks, payday lenders, and tax preparers, and details the requirements for compliance, including the need for a written information security plan (WISP). The report also explores the relationship between the Federal Trade Commission (FTC) and other federal agencies in enforcing GLBA, and discusses the Act's implications for higher education. The report emphasizes the importance of protecting non-public personal information (NPI) and ensuring confidentiality, security, and protection against unauthorized access. It examines the Safeguards Rule, the FTC's role, and how colleges and universities are affected by the Act.
Running head: GRAMM-LEACH-BLILEY ACT (GLBA)
GRAMM-LEACH-BLILEY ACT (GLBA)
Name of the Student
Name of the Organization
Author Note
GRAMM-LEACH-BLILEY ACT (GLBA)
Purpose, Scope and Key Requirements
The Gramm-Leach-Bliley Act (GLBA) is also known as the Financial Modernization Act of 1999.
It is a United States federal law that requires financial institutions to explain how they
share and protect their customers' private information (Lin & Li, 2017). The law was created
mainly to control how financial organizations handle customers' non-public personal
information (NPI). This is the information that a financial institution collects whenever it
provides a financial service and that can identify an individual. The Act comprises three
main components: the Privacy Rule, the Safeguards Rule and the pretexting provisions
(Abdel-Khalik, 2016). The Privacy Rule regulates both the use and the collection of NPI,
while the Safeguards Rule requires financial institutions to implement a security program to
protect NPI. Lastly, the pretexting provisions prohibit access to NPI under false pretences
(Ahmad et al., 2016). From a compliance point of view, the principles to be met are ensuring
both the confidentiality and the security of NPI and protecting against unauthorised access
that could cause substantial harm. The principles also include protection against any threats
that could affect either the integrity or the security of NPI (Fountain & Hamilton, 2014). To
be GLBA compliant, financial institutions must communicate to their customers how the
customers' sensitive data is shared. All customers must be informed of their right to opt out
if they prefer that their personal data not be shared with external parties.
Organizations complying with GLBA
A number of organizations associated with the privacy and institutional security media
slideshow must comply with GLBA, and they include all financial organizations. The businesses
that comply with GLBA are financial institutions, but what counts as a financial institution
under GLBA goes much further than banks (Zhao & He, 2014). Under GLBA, a financial
institution includes businesses that are engaged in offering financial services or products.
Such businesses include check-cashing businesses, payday lenders, mortgage brokers, non-bank
lenders, real estate appraisers, professional tax preparers such as CPA firms, and courier
services.
GLBA Safeguards Rule
The first hurdle under GLBA is compliance with the Safeguards Rule issued by the FTC. It
requires financial institutions to have measures in place to protect and secure the customer
information they collect. The Safeguards Rule also applies to ATM operators, which receive a
great deal of information about the customers of financial institutions (Barth & Jahera,
2013). The first requirement of the Safeguards Rule is that financial organizations must have
a written information security plan (WISP) that describes the organization's procedures for
protecting customer information. The WISP includes both technical and physical safeguards
appropriate to the size of the business and the nature of its activities. As part of the WISP,
every company must do things such as:
• Designate one or more employees to coordinate the information security program.
• Identify and assess the risks to customer information in each relevant area of the
company's operation, and evaluate the effectiveness of the current safeguards for controlling
those risks.
• Design and implement a safeguards program, and regularly monitor and test it.
• Select service providers that can maintain appropriate safeguards, make sure the contract
requires them to maintain safeguards, and oversee their handling of customer information
(Natter, 2014).
• Evaluate and adjust the program in light of relevant circumstances, including changes in
the firm's business or operations.
The Safeguards Rule also requires that risks to customer information be addressed in three
areas of operation that are especially important to information security (Filson & Olfati,
2014). These three areas are employee management and training, information systems, and the
detection and management of system failures. There are a number of ways of both assessing and
addressing such risks, including employee confidentiality agreements, reference checks,
password protection and other technological safeguards.
Relationship between FTC and other federal agencies to GLBA
The Gramm-Leach-Bliley Act was enacted in 1999. In addition to reforming the financial
services industry, the Act addresses concerns relating to customers' financial privacy. The
Act requires the Federal Trade Commission (FTC) and other government agencies that regulate
financial organizations to implement regulations that carry out the Act's financial privacy
provisions (Hodges, 2013). The FTC is responsible for enforcing the Privacy Rule, which is
essentially the financial privacy rule for customer information. Understanding why the
various GLBA rules apply can sometimes be confusing. GLBA applies to institutions of higher
education because colleges participate in certain kinds of financial activities that are
defined in banking law. Administering federal student loans is one of the main activities
that pull institutions under the GLBA umbrella. However, colleges and universities do not
fully fit the traditional model of a financial organization (Kam, Katerattanakul & Hong,
2016). In such cases, the FTC has offered considerable flexibility on the privacy side.
References
Abdel-Khalik, A. R. (2016). Transforming Big Banks into Bucket Shops: The Impact of
Gramm-Leach-Bliley Act & The Commodity Futures Modernization Act. Available
at SSRN 2814100.
Ahmad, A., Misra, P., Ono, F., Priest, C., Suarez, J., & Urcioli, A. (2016). The information
privacy domain. International Journal of Information Privacy, Security and
Integrity, 2(4), 307-329.
Barth, J. R., & Jahera, J. S. (2013). Gramm-Leach-Bliley Act: Creating a New Bank for a
New Millenium. Encyclopedia of Finance, 213-217.
Filson, D., & Olfati, S. (2014). The impacts of Gramm–Leach–Bliley bank diversification on
value and risk. Journal of Banking & Finance, 41, 209-221.
Fountain, L., & Hamilton, P. (2014). Kicking down the firewall: an examination of the
leadership decisions behind the Gramm-Leach-Bliley Act (Doctoral dissertation).
Hodges, S. (2013). Examining the Gramm–Leach–Bliley Act's opt-out method for protecting
consumer data privacy rights on the Internet. Information & Communications
Technology Law, 22(1), 60-85.
Kam, H. J., Katerattanakul, P., & Hong, S. (2016). IT Governance Framework: One Size Fits
All?.
Lin, J. H., & Li, X. (2017). Regulatory policies on Gramm-Leach-Bliley consolidation of
commercial banking, shadow banking, and life insurance. Journal of International
Financial Markets, Institutions and Money, 50, 69-84.
Natter, R. (2014). The Reasons for the Gramm-Leach-Bliley Act. Available at SSRN
2427956.
Zhao, R., & He, Y. (2014). The accounting implication of banking deregulation: an event
study of Gramm-Leach-Bliley Act (1999). Review of Quantitative Finance and
Accounting, 42(3), 449-468.