GLBA, or the Gramm-Leach-Bliley Act, is a federal regulation that requires financial institutions to safeguard sensitive customer information and clearly explain their information-sharing practices. That means if you’re a higher education institution that offers financial services to students, you’re required to comply with the GLBA. Organizations that offers products like loans, insurance, or investment, tax, or banking services must also comply.
GreyCastle Security works with your institution to implement comprehensive GLBA Compliance solutions, identify areas in your existing system that aren’t up to GLBA requirements, and develop new practices and policies. After that, we help you maintain your safeguards and keep them up to date through continued maintenance and testing of your cybersecurity program, including penetration testing, vulnerability assessments, and more.
The GLBA Financial Privacy Rule says that financial institutions need to inform their customers properly of how personal information is used and must comply with limitations on the disclosure of personal information. Customers need crystal clear details of how their data is shared with third parties and a way to opt out of sharing information with non-affiliated third parties.
The GLBA Safeguards Rule requires any financial institution under FTC jurisdiction to have proper measures in place to secure and protect customer information. A detailed risk assessment will ensure you’re in compliance with the GLBA Safeguard Rule and show your clients and customers that you’re committed to their privacy.
The Pretexting Provisions pushes financial institutions towards greater protections against social engineering. GreyCastle Security can help you keep your employees up-to-date on cybersecurity best practices through training and awareness programs.
GLBA compliance is not a new concept.
Would your risk assessment make the grade? Do you need to prepare for GLBA audits?
Join GreyCastle Security's Vice President of Services to learn about why the risk assessment process must be run by the business.
Join F. Paul Greene, Partner at Harter Secrest & Emery, and Dan Didier, Vice President of Services at GreyCastle Security, for a timely update to get real-world insight on a new attack surface that is subject to exploit: student, applicant, and alumni data maintained on SaaS platforms.
This webinar will explore exactly what the GLBA requirements are, what the auditors are looking for and provide documentation examples to show an organized, deliberate and well-planned response.
Optimize Data Storage
Secure Email Communications
Track & Secure Digital Data
The penalties for failure to comply with the GLBA range from severe fines to prison time. Each violation can cost an organization $100,000, and individuals in leadership can be fined up to $10,000. A failure to protect customer data can have a severe impact on those customers’ lives and cause irreparable damage to your company’s reputation.
The Department of Education (DoE) has stated that it considers breaches of student records as an indication of a potential lack of administrative capability. This can lead to restrictions on your institution’s Title IV funding and may result in a total loss of eligibility.
If substantial risks to information security are found to exist, the Federal Student Aid’s Postsecondary Institution Cybersecurity Team may temporarily or permanently disable an institution’s access to the Department’s information systems or recommend administrative action or a fine.
There’s no good reason not to ensure your institution has the right measures in place to secure and protect financial and personally identifiable information. GreyCastle Security can help.