What does GLBA stand for, and how is GLBA compliance determined?
GLBA stands for the Gramm-Leach-Bliley Act, which became law in 1999. It requires companies significantly engaged in financial activities to disclose their data privacy practices to customers and to maintain safeguards that protect the sensitive personal information they collect from being compromised or improperly sold. The law also restricts how companies that receive sensitive personal customer information from another company may use and share it.
To determine whether your business needs to comply with the GLBA, you need to find out whether it is:
- A “financial institution” as defined by the GLBA, or
- Receiving sensitive information, such as customers' Social Security numbers or credit card numbers, from a third-party business that is considered a “financial institution.”
Because the GLBA defines a “financial institution” very broadly, its rules can apply to businesses not traditionally thought of as financial institutions, such as tax law firms or career counselors serving the financial industry, so long as they service the financial industry or are significantly engaged in certain types of financial activities. Companies considered “financial institutions” must provide clear and conspicuous privacy notices, and opt-out notices for data sharing, to the individuals and companies they do business with, and must take measures to safeguard the sensitive personal data they hold. Companies that are not GLBA financial institutions may still face restrictions on reusing or sharing sensitive information if they receive it from a GLBA financial institution. The consequences of noncompliance are severe and can include fines of up to $100,000 per violation and imprisonment of up to 5 years. Because the GLBA sets only minimum requirements for protecting sensitive personal information, stricter state laws and regulations may also apply.
GLBA data center and cloud hosting: how does it work?
Federal laws that regulate certain types of businesses often trickle down to indirectly regulate the providers and vendors that service them, and cloud hosting and data center providers are no exception. AbacusNext's hosting runs in data centers that have undergone SOC 2 / SSAE 16 audits and use layered security controls to keep your data secure, and our cloud hosting environments can be customized to meet your specific compliance needs.
GLBA hosting: how to audit and maintain compliance?
The GLBA requires affected companies to develop and maintain a written information security program that not only ensures the security and confidentiality of customer information, but also protects it against cyberattacks and unauthorized access that could compromise or otherwise harm customers. It also requires companies to give customers privacy notices, initially and annually, describing how their sensitive data is collected, shared and protected. As a result, companies need an IT infrastructure and data privacy plan that can produce audit-ready documentation, limit system downtime, and detect and remediate vulnerabilities and attempted attacks. AbacusNext can work with your team to ensure you have the tools and IT frameworks in place to meet these demands.
What other compliance standards are similar to GLBA?
In addition to the GLBA, companies conducting business in the United States may also need to comply with HIPAA's standards for safeguarding protected health information. Businesses dealing with international customers may face additional regulations, such as PIPEDA in Canada and the European Union's GDPR. Abacus Private Cloud can be customized to support any of these compliance standards.
Are there AbacusNext clients that are GLBA compliant today?
Absolutely! Cloud-based solutions can be customized to meet specific compliance standards. Whether you use Abacus Private Cloud or any of our other solutions, our team can configure your Abacus hosting environment and tools to support GLBA compliance. For more information, contact one of our support specialists today.