Reasonable Security: A Moving Target

Cyber Security
13 minute read | June.13.2018


The concept of ‘reasonable security’ for personal information maintained by financial institutions began with the Gramm-Leach-Bliley Act (GLBA). On 12th November, 1999, Congress enacted GLBA, a landmark privacy and data security law which required the federal financial regulatory agencies to ‘establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards —

(1) To insure the security and confidentiality of customer records and information;

(2) To protect against any anticipated threats or hazards to the security or integrity of such records; and

(3) To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.’

Originally published in Cyber Security; reprinted with permission.