The Gramm-Leach-Bliley Act (GLBA) and securing sensitive data records

Test data management and The Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA) is an act of the United States Congress which allows commercial banks, investment banks, securities firms, and insurance companies to consolidate. The law was passed to legalize mergers on a permanent basis.

Section 501 of the GLBA addresses "Protection of Nonpublic Personal Information". It requires federal banking agencies, the National Credit Union Administration (NCUA), the Securities and Exchange Commission (SEC), the Secretary of the Treasury, and the Federal Trade Commission (FTC) to consult with one another to establish consistent and comparable standards for financial institutions related to administrative, technical and physical safeguards for customer information.

The GLBA Safeguards Rule specifies three kinds of safeguards or controls required of financial institutions when implementing security:

  • Administrative Safeguards: financial institutions must document formal policies and practices for data protection, including the organization’s security management process and implementation specifications
  • Physical Safeguards: financial institutions must protect customer data from the hazards of fire, weather, environment and intrusion
  • Technical Safeguards: financial institutions must control direct access to information by individuals, and must also guard against unauthorized access via a network

The last of these, the Technical Safeguard, applies to the data security process that protects data stored on endpoints through a combination of user authentication, data encryption, data de-identification/data masking and port control.

Grid-Tools specializes in securing financial data when it is used outside of the production environment. Applying masking algorithms to test and development data can help secure this data so it maintains compliance with the GLBA and many other industry regulations. Grid-Tools can offer three methods for provisioning secure, compliant, unidentifiable test data:

  • Database subsetting: create smaller, targeted, referentially intact versions of databases for testing and development. The data masking process can be applied to subsets to provision secure test environments.
  • Data masking: secure sensitive data records using data de-identification and data masking methods. Unlike most data masking vendors, Grid-Tools does not use a separate staging environment to de-identify records (read our white paper for more information).
  • Data creation: create high-quality test data from scratch using a dynamic data modeling and sampling technique. Data creation provides "synthetic" data that cannot be re-engineered, so it will always be the most secure and compliant method.
