Gramm-Leach-Bliley
Financial Services Modernization Act of 1999
The Gramm-Leach-Bliley Financial Services Modernization
Act (GLBA) addresses the protection of nonpublic personal
information held by all financial institutions. Unlike some
recent government regulations, it is not limited to publicly
traded companies. Any business handling such data should
know the relevant sections of the current regulations and
incorporate their intent into its day-to-day operations.
Requirements
GLBA is intended to ensure the security and confidentiality
of customer records and information, to protect them against
any reasonably anticipated internal or external threat or
hazard, and to protect against unauthorized access to or use
of such data that could result in substantial harm or
inconvenience to any customer.
GLBA requires financial institutions (defined as banks,
thrifts and credit unions, as well as numerous non-depository
institutions) to develop a written security plan describing
their program for protecting customer information. Customer
information means any record containing nonpublic personal
information about a customer, whether in paper, electronic or
other form, that is maintained by or on behalf of the institution.
365 Main Compliance
Auditors are specifically asking for documented policies
describing the controls that protect the security and integrity
of personal and private financial data. They also look for
copies of business continuity plans and manuals, and want to
see evidence that deployed solutions are tested regularly,
along with improvements from one test to the next. They
further ask for proof of Statement on Auditing Standards
(SAS) No. 70 compliance, which seeks evidence of "effectively
designed control objectives and control activities,"
and sometimes require network diagrams as well.
365 Main – The World’s Finest Data Centers