Gramm-Leach-Bliley Financial Modernization Act (GLBA)

Protect the security & confidentiality of your customers' nonpublic personal information

• Assessment Report

• Policies & Procedures

• Remediation Tracking

• Action Plan Reminders

• Form Templates

• Vulnerability Scan

• Pen Testing

Demonstrate your Compliance with GLBA

GLBA stands for the Gramm-Leach-Bliley Act, a U.S. federal law enacted in 1999. Its official title is the “Gramm-Leach-Bliley Financial Modernization Act.” The primary purpose of GLBA is to promote the integration of financial services, such as banking, securities, and insurance, while ensuring the privacy and security of consumers’ nonpublic personal information.

The key provisions of the GLBA include:

1. Privacy Rule: This rule mandates that financial institutions inform their customers about their information-sharing practices and allow customers to opt out of having their nonpublic personal information shared with certain third parties.

2. Safeguards Rule: The Safeguards Rule obliges financial institutions to develop, implement, and maintain a comprehensive information security program to protect the security and confidentiality of customers’ nonpublic personal information.

3. Pretexting Provisions: The GLBA prohibits individuals from using false pretenses to obtain the personal information of customers from financial institutions.

The GLBA is monitored and enforced by several regulatory agencies, depending on the type of financial institution involved:

1. Federal Trade Commission (FTC): The FTC has primary enforcement authority for financial institutions that are not subject to the oversight of other federal regulators. This includes certain types of financial institutions, such as mortgage lenders, payday lenders, and non-depository lenders.

2. Office of the Comptroller of the Currency (OCC): The OCC oversees and enforces GLBA compliance for national banks and federal savings associations.

3. Federal Reserve System (FRS): The FRS monitors and enforces GLBA compliance for state-chartered banks that are members of the Federal Reserve System.

4. Federal Deposit Insurance Corporation (FDIC): The FDIC is responsible for monitoring and enforcing GLBA compliance for state-chartered banks that are not members of the Federal Reserve System and for state-chartered savings banks.

5. National Credit Union Administration (NCUA): The NCUA oversees and enforces GLBA compliance for credit unions.

6. Securities and Exchange Commission (SEC): The SEC is responsible for regulating and enforcing GLBA compliance for broker-dealers and registered investment advisors.

Financial institutions subject to the GLBA include banks, credit unions, securities firms, insurance companies, and other entities that offer financial products and services to consumers. These institutions must comply with the provisions outlined in the GLBA to protect the privacy and security of their customers’ personal information.

Connect with our Certified Data Privacy Experts to assess your controls and prove your compliance with GLBA. Our engagement options are ideal for organizations of all sizes with and without an experienced in-house IT team. Connect with an expert or schedule a consultation to explore the option that is best for your organization.


Trusted by Reputed Companies

pVerify, Inc.
Electronic Data Solutions
Bernard Robinson & Company
Avance Care
iCliniq
Botsplash
Logically
Mr.Internet Systems
Vision Radiology
Tangible Solutions
WorkSmart
Triyam
Med First Primary and Urgent Care
Arizona State Radiology
DataCaliper
DoseSpot
Forsyte I.T. Solutions
Tego Data

Accreditations and Associations

* Disclaimer: This list of accreditations is held by our team of employees and consultants.

What Our Clients Say

We used databrackets (formerly EHR 2.0) in our small medical practice for our risk analysis assessment to be in compliance with meaningful use. Their response was fast, the final report is detailed but simple and easy to follow. They were always available to answer our questions.
E. Compres
Pulmonary and Sleep Center of the Valley
I never miss the opportunity to learn something new… that’s why I am always registering to all free seminars offered on the web. databrackets (formerly EHR 2.0) happened to be the friendliest, comprehensive and up-to-date source of HIPAA Privacy and Security updates.
Alexandra V.
Community Healthcare Network
Today’s presentation was great! Thank you for sending the slides. My only feedback is that it would be fabulous to have the slides ahead of time so I could print them and take notes on the slides. Thanks for your time and knowledge today!
T.B., PM
Community Health Network
Particularly interesting was the flow chart on Administrative Simplification. I utilize all of the Security subcategories you list under the Security tile and appreciate knowing that I am hitting all of the relevant topics during my employee training.
Jessica B.
JD, CHC
I have re-worked our original risk assessment…. We are using databrackets' (formerly EHR 2.0) Meaningful Use Security Risk Analysis Toolkit and it meets our needs. It was easy to use and I believe that it is very beneficial to our meeting meaningful use.
Bill Curtis
Neurosurgical Associates Of Texarkana, TX
Information (webinars) presented by databrackets (formerly EHR 2.0) highlights some of today’s most demanding healthcare topics. The webinars help to direct those operating in today’s rapidly changing environment in the right direction.
Candace M.
Privacy and Security Officer, Springhill Medical Center
