The federal law that requires financial institutions, including CPA firms, to protect consumers' nonpublic personal information.
The Gramm-Leach-Bliley Act (GLBA), enacted in 1999, governs how financial institutions handle nonpublic personal information about consumers. Title V splits into the Privacy Rule (notice and consent for sharing data with non-affiliates) and the Safeguards Rule (information security program requirements). The FTC enforces both for non-bank financial institutions, including CPA firms, tax preparers, bookkeeping firms, and enrolled agents. The 2023 Safeguards Rule amendments operationalized GLBA into concrete, enforceable security requirements.
GLBA is the statutory backbone behind every FTC Safeguards Rule citation. When a firm is investigated for a breach, the FTC frames the inquiry as a GLBA enforcement matter. Cyber insurance application questions that ask about GLBA compliance are asking whether you have a working information security program and a WISP. Understanding GLBA explains why all the rules exist.
A federal regulation requiring financial institutions, including tax preparers, to develop and maintain a comprehensive information security program.
Any business significantly engaged in providing financial products or services to consumers, which includes CPA firms, tax preparers, and bookkeepers.
A documented set of policies and procedures describing how your firm protects sensitive client data.