GLBAGramm-Leach-Bliley Act

We advise your organization on its relationship to the GLBA, assess your information security needs, and establish steps toward GLBA compliance

GLBA Updated Safeguards Rule

The FTC’s revised Safeguards Rule is designed to help organizations ensure the security and confidentiality of customer information and protect against anticipated threats or unauthorized access to sensitive data.

CampusGuard is eager to help your organization understand how the GLBA and the updated Safeguards Rule apply to your environment and identify next steps in building an information security program to meet your organization’s ongoing compliance requirements.

Comprehensive GLBA Risk Assessments

All financial institutions are required to be compliant with the GLBA. For campus and community-based organizations with many end users and multiple payment systems and applications, it can be difficult to keep track of all the data that you are required to protect. We’ve got you covered with our GLBA Compliance Assessment.

Financial Privacy Rule

A financial institution must provide notice to their customers with regard to how their financial information is being used, shared, and protected. This rule also covers the collection and disclosure of private financial information.

Safeguards Rule

A financial institution must develop, implement, and maintain an information security plan to protect customers' nonpublic personal information.

Pretexting Provisions

A financial institution should develop procedures designed to detect fraudulent activity to further protect customers' nonpublic personal information.

CampusGuard's GLBA Compliance Assessment

Our goal for the assessment is to identify and analyze areas of risk, understand the impact of third party services, and evaluate the sampled areas against the appropriate industry-recognized information security frameworks. We will gauge your organization’s compliance with these key cybersecurity elements of the GLBA Safeguards Rule:

  • A documented information security program

  • Designated employee(s) to coordinate the program

  • Identify reasonably foreseeable internal and external risks to data security via formal, documented risk assessments

  • Employee training and management

  • Information systems, including network and software design, as well as information processing, storage, transmission, and disposal

  • Control the risks identified, by designing and implementing information safeguards and regularly test/monitor their effectiveness

Request a GLBA Consultation

Access the Higher Ed Guide to Achieving GLBA Compliance

GLBA Guide

This guidance document is designed to help higher education institutions understand how the GLBA and the updated Safeguards Rule apply to campus environments, and how best to meet the new compliance requirements which took effect June 9, 2023. The guide will help your institution effectively structure your information security program with tools to:

  • Clarify GLBA impact and who it applies to
  • Identify the information and systems in scope
  • Outline best practices for protecting customer information
  • Specify written information security program requirements
  • Pinpoint next steps with a GLBA Compliance Checklist
  • Understand the benefits of GLBA Compliance
  • Learn more about CampusGuard’s GLBA online training course and assessment services
  • Access additional resources, such as case studies and blog articles that provide GLBA guidance and insight
Download the GLBA Guide

Why Choose CampusGuard?

At CampusGuard, our assessment methodology is designed specifically for complex, campus and community-based organizations. Our GLBA experts work directly in partnership with your organization to help you understand the requirements, identify vulnerabilities, and report recommended steps for remediation.

Explore GLBA Training Course
$ 183

Cost per lost record of Personally Identifiable Information (PII) (1)

52 %

Of data breaches in 2023 involved some form of customer PII (1)

$ 100000

Cost of penalty fines for non-compliance with the GLBA (2)

1 IBM Cost of a Data Breach

2 United States Securities and Exchange Commission

Explore Our GLBA Video Series

Looking for more insight into GLBA requirements, new updates, and how to prepare your organization for an audit? Watch our must-see GLBA Video Series to learn more actionable steps to help you achieve and maintain GLBA compliance.

Related Products and Services

penetration testing

Penetration Testing

Our experienced, certified professionals take to their keyboards like a hacker to identify your vulnerabilities and provide recommendations for remediation.

Explore Penetration Testing
vulnerability management

Vulnerability Scanning

Automated and manual scanning tools are used to discover vulnerabilities such as deficiencies in patch management, outdated virus and malware protection, and mis-configurations that could lead to information leaks on complex, campus systems.

Explore Vulnerability Management
customized training options

Online Training

Our courses are designed to keep everyone within your organization up-to-date on the latest information in cybersecurity and compliance.

Explore Online Training
prerequisites

Compliance Assessments

We offer a robust assortment of cybersecurity and compliance assessments to meet all of your needs with our comprehensive step-by-step approach.

Explore Compliance Assessments
competitive pricing

Treasury Solutions

A holistic approach to better define, deploy, and manage how payments are accepted, disbursed, administered, and reconciled.

Explore Treasury Solutions
create and delivery of final report

PCI DSS

Protect your customers' sensitive cardholder data with the help of CampusGuard's suite of PCI DSS Compliance products and services.

Explore PCI DSS

Simplify Your Safeguards

Protecting the nonpublic personal information of your customers can be achieved through a GLBA Compliance Assessment with CampusGuard.

Get Started Today
Quote

"We have been working with CampusGuard for the past six years and their services have been invaluable. Our Chief Strategy and Technology Officer, Chris Boniforti, had a vision to increase IT Security and awareness at the university and the first step toward that was for us to formalize a PCI program and align with NIST standards. CampusGuard was instrumental in helping us achieve his goals. They helped us complete a PCI Assessment, which eventually helped us build our PCI compliance program. Next, we added a GLBA Compliance assessment, GDPR brainstorm sessions, review and updating of University IT Security policies and most recently an external penetration test.”

Joey Rego

Associate Director of Information Security, Lynn University

GLBA Frequently Asked Questions

The Gramm-Leach-Bliley Act (GLBA) is a federal law in the US that aims to protect the privacy of consumer financial information by requiring financial institutions to inform customers about their information-sharing practices and to allow customers to opt-out of certain types of information sharing. It also requires financial institutions to establish safeguards to protect the security and confidentiality of customer information.

The GLBA applies to a wide range of financial institutions, including banks, securities firms, insurance companies, and other financial service providers. It is enforced by several federal agencies, including the Federal Trade Commission (FTC) and the Federal Reserve Board.

The GLBA applies to a wide range of financial institutions, including:

  • Banks and credit unions
  • Securities firms, including broker-dealers, investment companies, and investment advisors
  • Insurance companies, including life, health, and property and casualty insurers
  • Mortgage brokers, loan servicers, and other non-bank lenders
  • Financial service providers, including check-cashing and money-transmission businesses
  • Any other entity that provides financial products or services to consumer

GLBA applies to both large and small financial institutions, and compliance is required regardless of the size of the institution.

The GLBA has three main rules that financial institutions must comply with to protect the privacy and security of customer information. These rules include:

  1. Financial Privacy Rule: This rule requires financial institutions to provide customers with a privacy notice that explains what information is collected, how it is used, and how it is shared. Financial institutions must also provide customers with the opportunity to opt-out of sharing their non-public personal information with third parties.
  2. Safeguards Rule: This rule requires financial institutions to develop, implement, and maintain a comprehensive information security program to protect the confidentiality, integrity, and availability of customer information. The program must be appropriate to the size and complexity of the institution and the nature and scope of its activities.
  3. Pretexting Protection Rule: This rule prohibits the practice of pretexting, which is when someone uses false pretenses to obtain customer information from a financial institution. Financial institutions must have procedures in place to verify the identity of any person requesting customer information, and they must report any unauthorized attempts to obtain customer information to the appropriate authorities.

According to the FTC Safeguards Rule, there are numerous components that financial institutions must consider when developing their information security program. These include:

  1. Risk Assessment: Financial institutions must identify and assess the risks to customer information in their possession.
  2. Security Program: They must develop a written information security program to address the identified risks. This program should outline the procedures and measures in place to protect customer information.
  3. Designate a Coordinator: Appointing an individual or team responsible for coordinating and overseeing the information security program is necessary.
  4. Employee Training: Training employees to implement the information security program effectively and maintain the security of customer information is crucial.
  5. Access Controls: Implementing access controls to limit access to customer information to authorized individuals only.
  6. Service Provider Oversight: Financial institutions need to evaluate the security practices of their service providers who have access to customer information and ensure they implement appropriate safeguards.
  7. Regular Monitoring and Testing: Ongoing monitoring and periodic testing of the information security program are necessary to identify vulnerabilities and address them promptly.
  8. Adjustments and Updates: The information security program should be regularly reviewed, updated, and adjusted in response to changes in technology, the sensitivity of customer information, and other factors.
  9. Incident Response and Recovery: Establishing a plan to respond to and recover from security incidents involving customer information, including notifying affected individuals when necessary.

While the specific requirements may vary depending on the size and complexity of the financial institution, these components generally form the foundation of a comprehensive information security program under the Safeguards Rule. CampusGuard is ready to assist your organization in meeting GLBA compliance. Let us know how we can help!

West Virginia University
Case Study GLBA

West Virginia University Achieves GLBA Compliance Partnering with CampusGuard

Learn how CampusGuard's remediation strategies enabled WVU to make decisions about security-related initiatives to accept, reduce, or eliminate risks. They also support longterm strategic risk management activities to ensure the protection of NPI.

View the Case Study about the West Virginia University Achieves GLBA Compliance Partnering with CampusGuard
Explore all Insights