The Gramm-Leach-Bliley Act, which became effective in 2001, calls on financial institutions, as well as their partners and contractors, to protect the personal financial information of consumers. In that respect, it is very similar to the HIPAA; the difference being that HIPAA protects privacy for health care consumers, and GLB protects the privacy of banking consumers.

GLB is actually a set of guidelines for putting safeguards in place that protects the security, confidentiality, and integrity of information relating to financial customers; the parts of GLB that relate specifically to IT security and email security are the Financial Privacy Rule, which governs use of private financial information; and the Safeguards Rule, which mandates that financial institutions have a plan to protect consumer data’s confidentiality and integrity.

Like HIPAA, GLB imposes some major challenges to financial institutions in terms of providing privacy. Firewalling and access control are a major part of GLB, although email security also figures into the mix of compliance.

Continue reading Gramm-Leach-Bliley and email security