Gramm-Leach-Bliley Act

The Office of the Comptroller of the Currency (OCC) announced on August 6 that it had issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A.

The OCC cited noncompliance with 12 C.F.R. Part 30, Appendix B, “Interagency Guidelines Establishing Information Security Standards.” Similar versions of these standards apply

Comments to the final California Consumer Privacy Act regulations asked if the CCPA carve-out regarding the Gramm-Leach-Bliley Act (GLBA), the data protection law governing US financial institutions, applies to:

  1. Financial institutions under GLBA
  2. Service providers that must comply with GLBA
  3. Sources of information that are subject to GLBA

The California Attorney General’s Answer:

Changes to the Safeguards Rule and the Privacy Rule applicable to financial institutions under the Gramm-Leach-Bliley Act are in the works.

The FTC is proposing changes to the Safeguards Rule to add more detailed requirements for what should be included in the comprehensive information security program mandated by the Rule. This will include:

The U.S. House of Representatives continues to debate, revise and take testimony on a major piece of proposed federal legislation regarding privacy, the Data Accountability and Trust Act (H.R. 2221) (“DATA”), which was referred to the House Committee on Energy and Commerce on April 30, 2009.