GLBA Standards and items
1 Answer

GLBA applies to the financial services industry (insurance, securities, banking), and includes credit reporting agencies, ATM operators, appraisers, couriers, and tax preparers.

  • Specifically makes pretexting illegal.
  • With the exception of a few specific acts being made illegal, and fair credit and consumer rights being spelled out, little of the legislation is directly applicable to IT.
  • Section 501(b), however, does provide the Federal Trade Commission with a mandate to protect non-public information with "administrative, technical, and physical safeguard" specified by the Federal Trade Commission in 16 CFR Part 314, Standards for Safeguarding Customer Information (2002).
  • The FTC directives specify safeguards that are "appropriate" to the individual organization, allowing entities of different sizes to select controls that are cost effective, and appropriate to the size and means of the organization.
  • ISO7799 is referred to as a starting point in many of the legislative summaries and practical implementation guides.

Related Standards and Items

Standards for Safeguarding Customer Information

16 CFR Part 314, Federal Trade Commission (2002)

Fair Credit Reporting Act (FCRA)

Financial Privacy Rule

Federal Financial Institutions Examination Council (FFIEC)

Federal Reserve

"Responsible for supervising and regulating banking institutions and containing systemic risk" Overview of the Federal Reserve System, Board of Governors of the Federal Reserve System (2005)

Federal Deposit Insurance Corporation

Mission: "examining and supervising financial institutions for safety and soundness and consumer protection" FDIC Mission, Vision, and Values, FDIC (2009)

Financial Data Protection Act of 2005
