What is GLBA & Why & Who Needs To Comply?

What is the Gramm-Leach-Bliley Act (GLBA)?

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.

Who Needs To Comply With GLBA & Why?

Who? The GLBA's privacy protections regulate only financial institutions engaged in banking, insurance, stocks and bonds, financial advice and investing.

Why? There are severe penalties for non-compliance: imprisonment for up to 5 years, steep fines, or both. A financial institution can be fined up to $100,000 for each violation; officers and directors can be fined up to $10,000 for each violation.

Checklist of safeguards for GLBA Compliance

A checklist of safeguards that financial institutions need to be aware of:

  • Develop a written information security policy.
  • Identify risks to customer data, test and monitor safeguards, and perform security audits.
  • Train employees on best practices in secure document management and destruction, both in and out of the workplace.
  • Implement a document management policy that limits access to customer information and tracks private information from generation and storage through to destruction.
  • Select service providers that maintain safeguards and provide secure document shredding services.
  • Securely dispose of electronic data.

How does LuitBiz DMS help you become GLBA compliant?

LuitBiz DMS can help you comply with the GLBA requirements that pertain to document and records management. Let’s take a look at some of the key elements of the GLBA regulations and how LuitBiz DMS addresses them:

Data Security

What it means: Access to protected financial data must be controlled through means such as unique user roles and user-based permissions. Every point of access to the data (database, file, folder, etc.) must be appropriately restricted so that only those who are permitted can reach it.

How LuitBiz DMS helps: All documents and records are access controlled. Access is controlled at the folder level, and users without access to a particular folder cannot even know that the folder exists in the system.

Privacy Notice Notifications

What it means: The Financial Privacy Rule (“Privacy Rule”) requires financial institutions to provide each consumer with a privacy notice at the time the customer relationship is established and annually thereafter. The privacy notice must explain what information is collected about the consumer, where and with whom that information is shared, how that information is used, and how that information is protected.

How LuitBiz DMS helps: LuitBiz DMS allows users to send email notifications to customers about their documents and maintains a log of all the emails sent to the customers. Additionally, email notification alerts are sent to responsible persons whenever sensitive documents are modified or deleted, in case an authorized user tries to breach the security system. This protects data even further.

NPI Collection

What it means: Where Nonpublic Personal Information (NPI) such as name, address, phone number, Social Security Number, account balances, etc. is collected, it must be stated clearly with whom the NPI will be shared, whether an affiliated third party or a non-affiliated third party.

How LuitBiz DMS helps: The document tagging templates of LuitBiz DMS allow group leaders to define NPI data collection templates that must be filled out and attached to customer documents. These can contain all the NPI-related data as well as guidance on how and with whom the NPI data may be shared.