Which law, enacted in 1999, mandates financial institutions to protect sensitive data?

  1. Health Insurance Portability and Accountability Act (HIPAA)

  2. Electronic Communications Privacy Act (ECPA)

  3. Gramm-Leach-Bliley Act (GLBA)

  4. Federal Information Security Management Act (FISMA)

The correct answer is: Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA), enacted in 1999, is crucial in establishing regulations for financial institutions concerning the protection of sensitive customer data. This legislation requires these institutions to implement appropriate measures to safeguard the privacy and security of non-public personal information. Specifically, GLBA mandates that financial institutions provide a privacy notice to their customers, explaining what information is collected and how it is shared, as well as the measures taken to protect that data.

GLBA is significant as it aims to restore public confidence in the financial services industry by ensuring that individuals' private information is not disclosed without consent. The requirements set forth in this act extend to various entities within the financial sector, including banks, insurance companies, and investment firms, ensuring a comprehensive approach to data protection across the industry.

In contrast, the other laws listed address different areas: HIPAA primarily addresses health information privacy, the ECPA deals with electronic communications and privacy in general, and FISMA focuses on the information security of federal agencies rather than specifically regulating financial institutions. Therefore, the GLBA stands out as the law directly related to the protection of sensitive data in the financial sector.