Financial Services (GLBA) report

This report displays GLBA issues found on your site. Many web application vulnerabilities might lead, directly or indirectly, to security breaches of personal information, and might be considered violations of the regulation.

Why it matters

The Financial Services Modernization Act of 1999, more commonly known as the Gramm-Leach-Bliley Act (GLBA), includes provisions to protect consumers' personal financial information held by financial institutions. Repealing the Depression-era barriers that separated banking, insurance and securities, the Act allows U.S. financial services providers (including banks, securities firms, and insurance companies) to affiliate with each other and enter each other's markets. The legislation is intended to ensure that financial institutions protect sensitive customer information that might be accessible to hackers through web-enabled environments, including Internet connectivity and hosting arrangements. The Safeguards Rule went into effect in 2003, requiring proactive steps to ensure the security of customer information.

Although this legislation modernizes the U.S. financial landscape, it also contains significant privacy and security elements for individuals, including the following:

  • Provision of a comprehensive privacy notice upon application and on an annual basis. The privacy notice should include what information the institution collects about its customers, with whom it shares the information, and how it protects or safeguards the information.
  • Provision of a detailed security policy that identifies and assesses the risks that might threaten customer information. The policy must outline specific security measures that the institution will take in implementing a security program.
  • Provision of opt-out rights for any sharing of personal information with nonaffiliated third-party companies. The privacy notice must explain how consumers can opt out. The privacy notice must also explain that consumers have a right to refuse the sharing of certain information, such as credit report or application information, with their financial institution's affiliates.
  • Implementation of significant security safeguards.

Best practices for complying with GLBA

  • Provide a privacy notice at all online application points.
  • Ensure that opt-out notices and mechanisms are available at certain online information collection points.
  • Implement security safeguards over the collection of financial information online.
  • Ensure that personal financial information is not being passed to third parties in contravention of sharing rules.
  • Protect against any anticipated threats or hazards to the security or integrity of customer records.
  • Protect against unauthorized access to or use of these records or information that might result in substantial harm or inconvenience to a customer.