Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) of 1999 is a law that requires financial institutions, including academic institutions that service loans, to explain their information-sharing practices to their customers and to safeguard sensitive data. The ISO is responsible for assisting the Institute with compliance with the latter requirement. The legislation specifies five elements that must be in place to ensure the proper safeguarding of sensitive data. These elements are:

  1. InfoSec program coordinator - "Designate an employee or employees to coordinate your information security program." - 16 CFR 314.4(a)
  2. Identify risks - "Identify reasonably foreseeable internal and external risks…that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise…" ibid (b)
  3. Safeguards to control the risks - "Design and implement information safeguards to control the risks you identify through risk assessment, and regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures." ibid (c)
  4. Oversee service providers - "Oversee Service Providers, by:
    1. Taking reasonable steps to select and retain service providers capable of maintaining appropriate safeguards…and
    2. Requiring Service Providers by contract to implement & maintain such safeguards." ibid (d)
  5. Evaluate & adjust the program - "Evaluate and adjust your information security program in light of the results of the testing and monitoring…" ibid (e)

For additional information, visit the FTC page on GLBA.

© Wentworth Institute of Technology   |   550 Huntington Avenue   |   Boston, MA 02115   |   617-989-4590