What is GLBA compliance?
Feb 1st, 2016 by aperio

(Part 7 in our series on IT Compliance Concerns.)
In the earlier posts in our compliance series, we covered SOX, HIPAA, and PCI DSS compliance. Here, we will examine what GLBA compliance is and how it might affect you and your company.

GLBA stands for the Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act. The GLBA is best known for repealing parts of the Glass-Steagall Act: it removed the prohibitions that had prevented banking, insurance, and securities companies from combining into single firms offering investment banking, commercial banking, and insurance. The GLBA also regulates how financial institutions handle the private information of individuals, and that is the part that matters for IT compliance.

The three sections of the GLBA that cover privacy are the Financial Privacy Rule, the Safeguards Rule, and the pretexting provisions. The Financial Privacy Rule governs the collection and disclosure of private financial information. The Safeguards Rule requires financial institutions to implement security measures to protect that information. The pretexting provisions prohibit obtaining such information under false pretenses, for example by impersonating a customer. The GLBA additionally requires financial institutions to give their customers privacy notices explaining the institution’s information-sharing practices (although legislation passed at the end of 2015 may change the annual notice requirement for some institutions).

Which companies are affected by GLBA compliance?
Financial institutions are the companies primarily affected. For example, a retail company that does not itself extend credit to its customers would generally not need to comply with GLBA rules, even though it might still have other obligations to protect customer information. According to the University of Cincinnati’s Office of Information Security:

“GLBA covers businesses such as banks, appraisal companies, mortgage brokers, securities firms, insurance companies, credit card issuers, income tax preparers, debt collectors, real estate settlement firms, and other companies that may have self-financing plans… GLBA indicates that any business ‘significantly engaged’ in financial activities is subject to GLBA.”

In addition, companies subject to GLBA typically pass the obligations down by contract, so service providers that handle their customers’ financial information may be required to follow the same rules.

What are the penalties for failing to comply with GLBA?
There are severe civil and criminal penalties for noncompliance, including both fines and imprisonment. And it is not just the company that can be penalized: officers and directors can also face these penalties personally.

A financial institution violating GLBA rules may face:

●    Civil penalties of up to $100,000 per violation.
●    Officers and directors of the institution are subject to, and personally liable for, a civil penalty of up to $100,000 per violation.
●    The institution and its officers and directors are also subject to fines under Title 18 of the United States Code, imprisonment for up to five years, or both.

What does a business need to do to comply with GLBA?
Remember that compliance cannot be handled by your IT department alone. GLBA requires executive management to take responsibility for compliance.

Your company will need to:

●    Keep your information security policies up to date.
●    Devote resources to continually identifying potential risks.
●    Follow GLBA provisions for the release of both public and private information.
●    Know whether you are required to provide annual privacy notices.
●    Monitor the actions of third-party service providers.
●    Encrypt data.
●    Keep careful track of when it is time to destroy data.
●    Possibly hire a lawyer or consultant to help with the complexities.

Coming soon: Part 8 in our series on IT Compliance Concerns, “What Does My IT Team Need to Know About GLBA Compliance?”

To learn more about GLBA and related issues:

●    Gramm-Leach-Bliley Act definition.

Other posts in this series:
●    Part 1: Making Sure Your Business is SOX Compliant
●    Part 2: What Does Your IT Team Need to Know About SOX Compliance?
●    Part 3: What Does HIPAA Mean?
●    Part 4: What Does Your IT Team Need to Know About HIPAA Compliance?
●    Part 5: Is Your Company PCI Compliant?
●    Part 6: What Does Your IT Team Need to Know About PCI DSS Compliance?

If you want to know more about what GLBA is and what it requires, feel free to contact us. We will assist you.

BYOD (Bring Your Own Device)
Jan 26th, 2015 by aperio

As mobile devices continue to infiltrate organizations, the demand for secure solutions becomes critical. By 2017, the bring-your-own-device (BYOD) and enterprise mobility market is expected to reach upwards of $181 billion. The introduction of these new devices influences the way businesses collaborate, communicate and innovate. In order to maintain their status as market leaders, organizations must stay ahead of quickly evolving technology trends and develop ways to securely integrate them into day-to-day operations. Here’s a breakdown of a few of the mobile trends that are quickly becoming hot topics for 2014:

Predicting the potential risks of wearable technology

According to research firm Juniper, 2014 is the year that wearable technology goes mainstream. Last year, Google launched its highly anticipated glasses and Samsung rolled out a smart watch, while other big tech players including Apple gear up to introduce a whole new breed of wearable tech. On the horizon: smart contact lenses, LED sweaters that can sense your mood and even fingernails rigged with individual radio frequency identification (RFID) tags, allowing the wearer to perform a variety of tasks normally completed with a card.

A recent Fortinet survey, conducted across 20 countries among 3,200 employees aged 21 to 32, found that 16 percent of respondents would use wearable technology at work or for work purposes as soon as it becomes available, and 33 percent as soon as the price is affordable. Juniper cautions that privacy will be an ongoing issue with wearable tech, as cameras go everywhere, including the workplace. IT teams will face the same challenges and risks as with mobile devices, the most important of which is protecting corporate data.

Stepping up security with a multi-layered approach

As more business processes are extended to mobile, many organizations are finding uses for both mobile device management (MDM) and containerization, either for different deployments or on the same device. Organizations with highly sensitive proprietary content or in strictly regulated industries may prefer the added security of running MDM and containerization together on the same device. A corporate container deployed on a managed device adds a second barrier in front of corporate content: users must enter both a device-level passcode and a container-level passcode, and administrators get both device-level controls and application-level controls, including the ability to restrict app-to-app data sharing to other managed, secure applications inside the container.

This approach also creates a sense of segmentation between work and play for end users, bringing a dual-persona feel to managed devices by isolating corporate content inside a secure container. MDM and containerization are often thought of as mutually exclusive security solutions, but today’s most innovative organizations are taking a layered approach to security by using the two in conjunction.

Adopting app scanning to protect organizations and end-users

As employees increasingly demand more apps for business, IT administrators must block malicious applications and verify that internal and third-party applications meet their organization’s security standards. Administrators need to protect the organization from publicly available malicious apps and from the risks that come with internal and third-party apps, and they need to address concerns about apps accessing personal data on employee-owned devices. To do this, organizations should integrate app scanning into their mobility platform.

With app scanning, IT administrators can identify common app risks such as access to private data and privacy settings, insecure network connections, and malicious code. Scanning surfaces potential privacy, behavior, design and programming risks for each application. That information lets IT administrators decide whether an application is safe for business use, or blacklist it if it does not meet the minimum security standard, so they can act on current risks and head off future ones.
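The following is an added example (not code from the original post or from any particular MDM product) showing what the simplest layer of app scanning looks like in practice: a static check of an Android manifest for the risk classes named above. It assumes the Android manifest format, an illustrative (not exhaustive) list of permissions that expose personal data, and a constructed sample manifest embedded inline; the policy that maps findings to an allow/review/block verdict is likewise an assumption that an administrator would tune.

```python
"""Minimal static app-risk scanner for an Android manifest (added example).

Checks three of the risk classes mentioned in the post:
  - privacy: permissions that expose personal data on the device
  - network: the app opts in to cleartext (non-TLS) traffic
  - design:  the app ships with debugging enabled
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def _attr(name):
    """Qualified attribute name for an android:<name> attribute."""
    return "{%s}%s" % (ANDROID_NS, name)

# Illustrative assumption: permissions that grant access to personal data.
# A real deployment would maintain this list as policy, not as code.
PRIVACY_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
}

# Constructed sample manifest for a hypothetical expense-reporting app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.expenses">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Expenses"
        android:usesCleartextTraffic="true"
        android:debuggable="true">
        <activity android:name=".MainActivity" android:exported="true"/>
    </application>
</manifest>
"""

def scan_manifest(xml_text):
    """Return a list of (category, detail) findings for one manifest."""
    root = ET.fromstring(xml_text)
    findings = []

    # Privacy: every requested permission that touches personal data.
    for perm in root.iter("uses-permission"):
        name = perm.get(_attr("name"), "")
        if name in PRIVACY_PERMISSIONS:
            findings.append(("privacy",
                             "requests access to %s (%s)"
                             % (PRIVACY_PERMISSIONS[name], name)))

    app = root.find("application")
    if app is not None:
        # Network: explicit opt-in to cleartext HTTP.
        if app.get(_attr("usesCleartextTraffic")) == "true":
            findings.append(("network",
                             "permits cleartext (non-TLS) network traffic"))
        # Design/programming: a debuggable build lets anyone with
        # device access attach a debugger to the app process.
        if app.get(_attr("debuggable")) == "true":
            findings.append(("design", "built with android:debuggable=true"))
    return findings

# Assumed policy: these categories fail the minimum standard outright;
# anything else that was flagged goes to a human for review.
BLOCKING_CATEGORIES = frozenset({"network", "design"})

def classify(findings, blocking=BLOCKING_CATEGORIES):
    """Map a finding list to 'block', 'review' or 'allow'."""
    categories = {category for category, _ in findings}
    if categories & blocking:
        return "block"
    if categories:
        return "review"
    return "allow"

if __name__ == "__main__":
    found = scan_manifest(SAMPLE_MANIFEST)
    for category, detail in found:
        print("[%s] %s" % (category, detail))
    print("verdict:", classify(found))
```

On the constructed sample the scanner reports two privacy findings (contacts and location), one network finding and one design finding, and the assumed policy blocks the app because of the cleartext and debuggable flags. Manifest inspection is only the first layer; a production scanner would also analyse the compiled code and observe runtime behaviour, which is where malicious code and insecure connection handling that the manifest does not declare would be caught.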

When it comes to adopting any new technology, the less time organizations spend worrying about security, the more they can focus on driving core business strategies. Therefore, understanding technology trends and predicting their impact is vital to any organization’s mobility strategy.
