Data Security Compliance for the Financial Services Industry
Nearly all financial services companies and financial institutions are subject to a number of compliance mandates. The Gramm-Leach-Bliley Act (GLBA) and the Dodd-Frank Wall Street Reform and Consumer Protection Act both provide specific guidance on how financial services organizations must protect consumer data within financial systems. Enforcement of these regulations is overseen by both the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB). In addition, the Sarbanes-Oxley Act (SOX) seeks to protect investor information, but is vague when it comes to the specific activities it requires. Organizations that process credit card information must also comply with the Payment Card Industry Data Security Standard (PCI DSS). Lastly, financial services companies located in the state of New York must now also comply with the new Cybersecurity Requirements (23 NYCRR 500), which outline specific technical and administrative controls that must be in place.