GLBA (US)

GLBA overview

The Gramm-Leach-Bliley Act (GLBA) is a US public law that reformed the financial services industry and addressed concerns about consumer privacy protection. It required the Federal Trade Commission (FTC) and other financial services regulators to implement regulations addressing GLBA privacy provisions such as the Financial Privacy Rule and the Safeguards Rule. GLBA requirements to safeguard sensitive consumer data apply to financial institutions that offer financial products and services to consumers, such as loans, investment advice, and insurance. The FTC is charged with enforcing compliance.

Azure and GLBA

Azure can help you comply with the security requirements of the GLBA by providing technical and organizational safeguards to help you maintain security and prevent unauthorized usage.

Azure has developed an Excel-based cloud security diagnostic tool intended to expedite a risk assessment that a financial institution may want to conduct relative to Azure services. The tool is based on a spreadsheet featuring 19 tabs (each for a separate information security domain) that track requirements set forth by relevant standards and financial services regulations, including GLBA (see Column R in the spreadsheet). The risk assessment tool is pre-populated with explanations for how Azure complies with requirements applicable to cloud service providers and can assist customers in meeting their own compliance requirements, including the security requirements of GLBA.

Applicability

  • Azure

Office 365 and GLBA

For more information about Office 365 compliance, see Office 365 GLBA documentation.

Guidance documents

To assist financial institutions subject to GLBA compliance with cloud adoption, Microsoft has published the following risk assessment tool that you can download from the Service Trust Portal Data Protection Resources - Compliance Guides section:

Frequently asked questions

How do I know if I must comply with the GLBA?
For more information, see FTC guidance on Who is covered by the Privacy Rule.

Resources