GLBA compliance
The Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act (GLBA), was enacted in 1999. GLBA requires providers of financial products and services to develop a comprehensive information security program to safeguard sensitive customer information such as Social Security and credit card numbers.
Key facts and data security requirements you should know
- Beyond banks, securities firms, and insurance companies, GLBA impacts any organization that services consumer loans, transfers money, prepares tax returns, or provides financial advice
- GLBA requires organizations to define Non-Public Personal Information (NPPI), secure the privacy and protection of customer records, and create a uniform standard of consumer notification
- GLBA noncompliance can lead to severe civil and criminal penalties, including fines of up to $100,000 per violation and even imprisonment
- GLBA permits financial institutions to share personal customer information only among affiliates within a holding company
Proven GLBA data loss prevention
| Citizens Bank protects customer data with Vontu solutions |
|---|
| Citizens Bank needed to reduce the risk of insider threats that could expose confidential customer data, financial data, and intellectual property. It also needed to prepare for an upcoming regulatory board audit by the Office of the Comptroller of the Currency (OCC). Citizens Bank chose Vontu Network Monitor to secure sensitive company information and demonstrate GLBA and FDIC compliance. The bank used Vontu's pre-built GLBA policy template to establish its detection rules and accurately monitor email and other network communications, as well as to detect exposed NPPI on laptops, desktops, or shared file servers. With Vontu solutions, Citizens Bank was able to quickly identify and reduce its risk of confidential data loss and demonstrate compliance for the OCC audit and for other regulators. |
How Vontu solutions demonstrate GLBA compliance
Vontu solutions provide comprehensive GLBA data loss prevention for any organization that stores and/or transmits NPPI. Advantages include:
- Pre-defined GLBA Policy Template with Vontu's TrueMatch™ detection suite for the highest accuracy in the industry
- Discover and protect NPPI exposed on file servers, databases, Microsoft SharePoint®, Lotus Notes®, Documentum®, LiveLink®, web servers, Microsoft Exchange®, and other data repositories
- Monitor and prevent NPPI loss on the network including email, IM, Web, Secure Web (HTTP over SSL), FTP, P2P, and generic TCP
- Discover NPPI stored on the endpoint, such as desktops and laptops, and prevent this data from being inappropriately used, sent out, or copied to storage devices such as USB drives, CD/DVDs, or iPods
- Enable national banks to demonstrate internal controls for the OCC, FTC, and other regulatory audits
- Comprehensive audit support through GLBA compliance reports and role-based dashboards
- Automatic encryption enforcement routes exposed NPPI to encryption servers
- Automatically enforce NPPI data security policies with a centralized platform for detection accuracy, policy management and automated incident response, notification, workflow and compliance reporting, to help organizations change employee behavior and pinpoint compliance gaps in existing business processes
- Role-Based Access Control enables business units and departments to review and remediate only those GLBA incidents relevant to their role and privileges



