What is the Gramm-Leach-Bliley Act (GLBA)?

The Gramm-Leach-Bliley Act (GLBA) was a significant piece of legislation for the banking and insurance industries. It requires proper handling of a customer’s name, address and other customer information gained by the financial institution in the course of conducting business. The act mandates secure storage of the information and requires that customers be given a chance to opt out of sharing the information (Virtue, 2014).

One major benefit of the legislation is that the customer is given a written privacy notice detailing what information could be shared and how. This allows customers to make an informed decision about what they will allow to be shared or what information they opt out of sharing.

One issue that lawmakers and consumers have raised is that the privacy statements are not readable to the average person. The statements are not consistent across the industry, and they are written in such legal terms that they are hard to understand. According to research, 72% of the statements are written at an undergraduate college level and 16% are written at a graduate level (Lewis, Colvard, & Adams, 2008).

It is very true that Verizon and other cloud sharing platforms like Google and Skype must update their privacy policies to make them easier to read. They must also update their security policy implementations to include how data is handled. Simply encrypting files is no longer sufficient on a public cloud domain. The fact that the consumer, not the provider, is the owner of the files makes it even more important for consumers to take an active role in deciding what is shared.

References:

Lewis, S. D., Colvard, R. G., & Adams, C. N. (2008). A comparison of the readability of privacy statements of banks, credit counseling companies, and check cashing companies. Journal of Organizational Culture, Communications & Conflict, 12(2), 87-93. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=bth&AN=41336981&site=eds-live&scope=site

Pervez, Z., Khattak, A., Lee, S., Lee, Y., & Huh, E. (2012). Oblivious access control policies for cloud based data sharing systems. Computing, 94(12), 915-938. doi:10.1007/s00607-012-0206-z

Virtue, T. (2014). U.S. legal and regulatory security issues. In S. Bosworth, M. E. Kabay, & E. Whyne (Eds.), Computer security handbook (6th ed., pp. 64.1-64.16). New York, NY: John Wiley & Sons. Course textbook.
