Gramm-Leach-Bliley Act

The formal title of this law is the Financial Services Modernization Act. The act is more commonly known as the Gramm-Leach-Bliley Act or as the acronym GLBA. The act was directed primarily at allowing expanded functions and relationships among financial institutions. The law covers how and under what circumstances bank holding companies can undertake new affiliations and engage in previously restricted activities.

GLBA Requirements

From the perspective of an impact on internal controls, the GLBA Title V section provided a series of specific regulations governing how individual information for customers of financial institutions may be shared. GLBA requires that financial firms disclose to customers the institutions' privacy policies and practices. The law provides some limited control to customers about how the information retained by a financial institution may be retained via an "opt-out" option. On an annualized basis, the financial institution is required to reinform clients of the institutions' privacy policies.

Although GLBA does not explicitly refer to security and privacy of data over wireless networks, the implication of that protection is there. For firms providing data aggregation services to mobile devices or firms providing account information and the like via wireless networks, it is critical that the wireless networks are secured as adequately as wired networks. Furthermore, internal wireless networks are being used more and more to reduce the costs and time to roll out corporate networks. As a result, internal procedures and safeguards for wireless networks must be in place.

Electronic Communications Privacy Act regulates the monitoring of online information unless specific legal directives make exceptions.

Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1001, established felony penalties for breaking into federal interest computer systems and penalties for illegally obtained computer password trafficking. Essentially this law clarified that unauthorized computer entry was considered illegal. In the early 1980s, entry into U.S. federal computer systems was not considered illegal.

Healthcare Insurance Portability and Accountability Act (HIPAA) provides guidance on how confidential patient information can be treated and accessed.

The U.S. Congress signed the Gramm-Leach-Bliley Act (GLBA) into law on November 12, 1999. The intent of the law was to encourage adequate competition among members of the financial services industry. The GLBA was similar to HIPAA (a healthcare legislation) in that both laws sought to encourage efficiencies in their respective industries. Similarly, both recognized the need for security and the privacy of the individual. The GLBA specifies, in seven titles, the specific requirements for all major financial players, including banks, securities firms, and insurance companies and the responsibilities of the financial community to protect the individual’s right to privacy.

These are major parts (or titles) of the GLBA:
TITLE I: facilitating affiliations among banks, securities firms, and insurance companies
This title covers the inner details of the banking industry and the change that allows banks and brokerage firms to merge their operations (previously disallowed under the Glass-Steagall Act).

TITLE II: functional regulation
This title defines rules for functional regulation of bank securities activities (among other easing of restrictions).