What Non-Financial Institutions Need to Know About Gramm-Leach-Bliley

Society of Corporate Compliance and Ethics (SCCE)
The Gramm-Leach-Bliley Act (GLBA) is typically referred to in the context of financial institutions. It requires offerers of consumer financial products to explain how they share information and protect sensitive data.

It’s not, however, only banks that fall under GLBA’s umbrella. New rules will affect retailers offering credit terms to their customers, higher education institutions that administer federal student aid and others as well, explains Kayne McGladrey, Field CISO for Hyperproof.

The FTC has set June 2023 as the deadline for compliance with the revised GLBA Safeguards Rule. It requires that affected organizations:

Have a qualified individual to implement and enforce an information security plan

Conduct a periodic cybersecurity risk assessment

Implement cybersecurity controls to manage those risks

Document who has access to customer data

Assess the risks of applications that can access the data

Securely destroy old data

Periodically test the controls to verify their effectiveness

In addition, staff need to be trained, and there must be a written incident response plan and ongoing testing.

It is a considerable commitment, Kayne points out, but since it overlaps with the requirements of the European General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), many organizations may already have significant structures in place.

Even so, it’s important to conduct a gap analysis, he advises, to ensure all the requirements are being met.

Listen in to learn more about what Gramm-Leach-Bliley now requires for your organization.