
Legislative summary
The Gramm-Leach-Bliley Act (GLBA), formally known as the Financial Modernization Act of 1999, established requirements for financial institutions in the United States to protect consumers’ personal financial information. The privacy and information safeguard rules outlined in the regulations apply generically to “financial institutions,” which include not only banks, but securities firms, mortgage companies, brokerages, insurance companies, tax preparation, debt collection and any other type of company that provides financial products or services to consumers.
The GLBA contains three principal requirements for covered organizations: the Financial Privacy Rule, the Safeguards Rule and Pretexting. The Financial Privacy Rule requires financial institutions to publish a privacy notice to their customers, explaining the financial institution’s policies for collecting and sharing information. Consumers must also have the right to limit the sharing of their personal information. The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards and a security plan to protect the customer information that they handle. Although they do not relate to information technology, the Pretexting rules prohibit financial institutions from various practices designed to fool or defraud consumers.
HP Application Security Center capabilities
- Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private financial information
- Verify that web application access to sensitive information is controlled by authentication and authorization
- Identify web application command injection vulnerabilities that may execute malicious code or programs
- Verify that links to privacy policies exist at appropriate places in your web applications
- Get detailed security assessment reports categorized by GLBA sections

PLEASE NOTE: This information is provided for informational purposes only. You should not rely on, take or fail to take any action based upon the enclosed information. The information on this Site is provided with the understanding that the authors and publishers are not herein engaged in rendering legal, accounting, tax, or other professional advice and services. As such, it should not be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers. Future legislative amendments and/or your company's special circumstances may necessitate significant revisions to this information. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in this site and in HP software.