Gramm-Leach-Bliley Act (GLBA)

GLBA overview

The Gramm-Leach-Bliley Act (GLBA) is a US law that reformed the financial services industry, allowing commercial and investment banks, securities firms, and insurance companies to consolidate, and addressed concerns about protecting consumer privacy. It required the Federal Trade Commission (FTC) and other financial services regulators to implement regulations to address such privacy provisions as the Financial Privacy Rule and the Safeguards Rule. GLBA requirements to safeguard sensitive consumer data apply to financial institutions that offer financial products and services to consumers, such as loans, investment advice, and insurance. The FTC is charged with enforcing compliance.

Microsoft and GLBA

Microsoft Azure, Microsoft Office 365, Dynamics 365, and Microsoft Power BI can help meet the stringent requirements of providing cloud services for financial services institutions. As part of our support, we offer guidance to help you comply with the requirements of the GLBA by providing technical and organizational safeguards to help maintain security and prevent unauthorized usage.

Microsoft has developed risk assessment tools for both Azure and Office 365 to help you more efficiently conduct a risk assessment of Azure and Office 365 services. The tool (an Excel spreadsheet) features 19 information security domains (such as security policy and risk management) that track the requirements of financial services regulations and other relevant standards, including GLBA (in Column R in the Azure spreadsheet and Column Q in the Office 365 spreadsheet). The tools explain how Azure and Office 365 comply with each requirement applicable to cloud service providers and can help you meet GLBA security requirements.

Promote your GLBA compliance

Microsoft in-scope cloud services

  • Azure
  • Dynamics 365
  • Intune
  • Office 365
  • Power BI cloud service either as a standalone service or as included in an Office 365 branded plan or suite

Frequently asked questions

How do I know if my financial institution must comply with the GLB Act?

The FTC answers this in detail on its GLB Act page, Who is covered by the privacy rule?

Use Microsoft Compliance Manager to assess your risk

Microsoft Compliance Manager is a feature in the Microsoft 365 compliance center to help you understand your organization's compliance posture and take actions to help reduce risks. Compliance Manager offers a premium template for building an assessment for this regulation. Find the template in the assessment templates page in Compliance Manager. Learn how to build assessments in Compliance Manager.


Other Microsoft resources for financial services