The Gramm-Leach-Bliley Act (GLBA) is a US public law that reformed the financial services industry and addressed concerns about consumer privacy protection. It required the Federal Trade Commission (FTC) and other financial services regulators to implement regulations addressing GLBA privacy provisions such as the Financial Privacy Rule and the Safeguards Rule. GLBA requirements to safeguard sensitive consumer data apply to financial institutions that offer financial products and services to consumers, such as loans, investment advice, and insurance. The FTC is charged with enforcing compliance.
Azure and GLBA
Azure can help you comply with the security requirements of the GLBA by providing technical and organizational safeguards to help you maintain security and prevent unauthorized usage.
Azure has developed an Excel-based cloud security diagnostic tool intended to expedite a risk assessment that a financial institution may want to conduct relative to Azure services. The tool is based on a spreadsheet featuring 19 tabs (each for a separate information security domain) that track requirements set forth by relevant standards and financial services regulations, including GLBA (see Column R in the spreadsheet). The risk assessment tool is pre-populated with explanations for how Azure complies with requirements applicable to cloud service providers and can assist customers in meeting their own compliance requirements, including the security requirements of GLBA.
Office 365 and GLBA
For more information about Office 365 compliance, see Office 365 GLBA documentation.
To assist financial institutions subject to GLBA compliance with cloud adoption, Microsoft has published the following risk assessment tool that you can download from the Service Trust Portal Data Protection Resources - Compliance Guides section:
Frequently asked questions
How do I know if I must comply with the GLBA?
For more information, see FTC guidance on Who is covered by the Privacy Rule.
- Azure compliance documentation
- Azure enables a world of compliance
- Microsoft 365 compliance offerings
- Compliance on the Microsoft Trust Center
- Gramm-Leach-Bliley Act (GLBA)
- GLBA Financial Privacy Rule
- GLBA Safeguards Rule
- Microsoft Cloud for financial services
- Microsoft financial services resources on Service Trust Portal
- Azure solutions for the finance industry
- Microsoft Cloud financial services compliance program
- Compliance map of cloud computing regulatory principles and Microsoft online services
- Risk assessment and compliance guide for financial institutions in the Microsoft Cloud